Microsoft.KeyVault vaults/keys 2021-04-01-preview

The vaults/keys resource type can be deployed to: Resource groups.

To learn about resource group deployments, see Bicep or ARM template.

Template format

To create a Microsoft.KeyVault/vaults/keys resource, add the following Bicep or JSON to your template.

resource symbolicname 'Microsoft.KeyVault/vaults/keys@2021-04-01-preview' = {
  name: 'string'
  tags: {
    tagName1: 'tagValue1'
    tagName2: 'tagValue2'
  }
  properties: {
    attributes: {
      enabled: bool
      exp: int
      nbf: int
    }
    curveName: 'string'
    keyOps: [ 'string' ]
    keySize: int
    kty: 'string'
    rotationPolicy: {
      attributes: {
        expiryTime: 'string'
      }
      lifetimeActions: [
        {
          action: {
            type: 'string'
          }
          trigger: {
            timeAfterCreate: 'string'
            timeBeforeExpiry: 'string'
          }
        }
      ]
    }
  }
}

Property values

vaults/keys

| Name | Description | Value |
| --- | --- | --- |
| type | The resource type. For Bicep, set this value in the resource declaration. | 'Microsoft.KeyVault/vaults/keys' |
| apiVersion | The resource api version. For Bicep, set this value in the resource declaration. | '2021-04-01-preview' |
| name | The resource name. See how to set names and types for child resources in Bicep or JSON ARM templates. | string (required) |
| tags | Tags assigned to the key vault resource. | Dictionary of tag names and values. See Tags in templates |
| properties | The properties of the key. | KeyProperties (required) |

KeyProperties

| Name | Description | Value |
| --- | --- | --- |
| attributes | The object attributes managed by the Azure Key Vault service. | KeyAttributes |
| curveName | The elliptic curve name. For valid values, see JsonWebKeyCurveName. | 'P-256', 'P-256K', 'P-384', 'P-521' |
| keyOps | Array of JsonWebKeyOperation | String array containing any of: 'decrypt', 'encrypt', 'import', 'sign', 'unwrapKey', 'verify', 'wrapKey' |
| keySize | The key size in bits. For example: 2048, 3072, or 4096 for RSA. | int |
| kty | The type of the key. For valid values, see JsonWebKeyType. | 'EC', 'EC-HSM', 'RSA', 'RSA-HSM' |
| rotationPolicy | | RotationPolicy |

KeyAttributes

| Name | Description | Value |
| --- | --- | --- |
| enabled | Determines whether or not the object is enabled. | bool |
| exp | Expiry date in seconds since 1970-01-01T00:00:00Z. | int |
| nbf | Not before date in seconds since 1970-01-01T00:00:00Z. | int |

RotationPolicy

| Name | Description | Value |
| --- | --- | --- |
| attributes | | KeyRotationPolicyAttributes |
| lifetimeActions | The lifetimeActions for key rotation action. | LifetimeAction[] |

KeyRotationPolicyAttributes

| Name | Description | Value |
| --- | --- | --- |
| expiryTime | The expiration time for the new key version. It should be in ISO8601 format. Eg: 'P90D', 'P1Y'. | string |

LifetimeAction

| Name | Description | Value |
| --- | --- | --- |
| action | | Action |
| trigger | | Trigger |

Action

| Name | Description | Value |
| --- | --- | --- |
| type | The type of action. | 'notify', 'rotate' |

Trigger

| Name | Description | Value |
| --- | --- | --- |
| timeAfterCreate | The time duration after key creation to rotate the key. It should be in ISO8601 format. Eg: 'P90D', 'P1Y'. | string |
| timeBeforeExpiry | The time duration before key expiring to rotate the key. It should be in ISO8601 format. Eg: 'P90D', 'P1Y'. | string |
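The following is an added example, not part of the original page: a signing key declared as a child of an existing vault, limited to the sign and verify operations and given a rotation policy built from the RotationPolicy, LifetimeAction, Action and Trigger properties above. The `vaultName` parameter, the key name, the key size and the durations are assumptions chosen for illustration.

```bicep
// Added example; parameter, key name and durations are assumed values.
@description('Name of an existing key vault in the target resource group (assumed).')
param vaultName string

resource vault 'Microsoft.KeyVault/vaults@2021-04-01-preview' existing = {
  name: vaultName
}

resource signingKey 'Microsoft.KeyVault/vaults/keys@2021-04-01-preview' = {
  parent: vault
  name: 'example-signing-key' // hypothetical key name
  properties: {
    kty: 'RSA'
    keySize: 3072
    // List only the operations this key needs. Leaving out encrypt/decrypt and
    // wrapKey/unwrapKey keeps a signing key from being used for other purposes.
    keyOps: [
      'sign'
      'verify'
    ]
    attributes: {
      enabled: true
    }
    rotationPolicy: {
      attributes: {
        expiryTime: 'P1Y' // each new key version expires one year after creation
      }
      lifetimeActions: [
        {
          action: {
            type: 'rotate'
          }
          trigger: {
            timeAfterCreate: 'P90D' // rotate 90 days after the version is created
          }
        }
        {
          action: {
            type: 'notify'
          }
          trigger: {
            timeBeforeExpiry: 'P30D' // notify 30 days before the version expires
          }
        }
      ]
    }
  }
}
```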

Quickstart templates

The following quickstart templates deploy this resource type.

| Template | Description |
| --- | --- |
| Create a Key in Azure KeyVault | This module allows you to create a key in an existing KeyVault. |