az iot hub module-identity

Note

This reference is part of the azure-iot extension for Azure CLI and requires version 2.17.1 or higher. The extension will automatically install the first time you run an az iot hub module-identity command. Learn more about extensions.

Manage IoT device modules.

Commands

az iot hub module-identity connection-string

Manage IoT device module's connection string.

az iot hub module-identity connection-string show

Show a target IoT device module connection string.

az iot hub module-identity create

Create a module on a target IoT device in an IoT Hub.

az iot hub module-identity delete

Delete a device in an IoT Hub.

az iot hub module-identity list

List modules located on an IoT device in an IoT Hub.

az iot hub module-identity renew-key

Renew target keys of an IoT Hub device module with sas authentication.

az iot hub module-identity show

Get the details of an IoT device module in an IoT Hub.

az iot hub module-identity update

Update an IoT Hub device module.

az iot hub module-identity create

Create a module on a target IoT device in an IoT Hub.

When using the auth method of shared_private_key (also known as symmetric keys), if no custom keys are provided the service will generate them for the module.

az iot hub module-identity create --device-id
                                  --module-id
                                  [--am {shared_private_key, x509_ca, x509_thumbprint}]
                                  [--auth-type {key, login}]
                                  [--hub-name]
                                  [--login]
                                  [--od]
                                  [--pk]
                                  [--primary-thumbprint]
                                  [--resource-group]
                                  [--secondary-key]
                                  [--secondary-thumbprint]
                                  [--valid-days]

Required Parameters

--device-id -d

Target Device.

--module-id -m

Target Module.

Optional Parameters

--am --auth-method

The authorization method an entity is to be created with.

accepted values: shared_private_key, x509_ca, x509_thumbprint
default value: shared_private_key
--auth-type

Indicates whether the operation should auto-derive a policy key or use the current Azure AD session. You can configure the default using az configure --defaults iothub-data-auth-type=<auth-type-value>.

accepted values: key, login
default value: key
--hub-name -n

IoT Hub name. Required if --login is not provided.

--login -l

This command supports an entity connection string with rights to perform action. Use to avoid session login via "az login". If both an entity connection string and name are provided the connection string takes priority. Required if --hub-name is not provided.

--od --output-dir

Generate self-signed cert and use its thumbprint. Output to specified target directory.

--pk --primary-key

The primary symmetric shared access key stored in base64 format.

--primary-thumbprint --ptp

Self-signed certificate thumbprint to use for the primary thumbprint.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--secondary-key --sk

The secondary symmetric shared access key stored in base64 format.

--secondary-thumbprint --stp

Self-signed certificate thumbprint to use for the secondary thumbprint.

--valid-days --vd

Generate self-signed cert and use its thumbprint. Valid for specified number of days. Default: 365.

az iot hub module-identity delete

Delete a device in an IoT Hub.

az iot hub module-identity delete --device-id
                                  --module-id
                                  [--auth-type {key, login}]
                                  [--etag]
                                  [--hub-name]
                                  [--login]
                                  [--resource-group]

Required Parameters

--device-id -d

Target Device.

--module-id -m

Target Module.

Optional Parameters

--auth-type

Indicates whether the operation should auto-derive a policy key or use the current Azure AD session. You can configure the default using az configure --defaults iothub-data-auth-type=<auth-type-value>.

accepted values: key, login
default value: key
--etag -e

Etag or entity tag corresponding to the last state of the resource. If no etag is provided the value '*' is used.

--hub-name -n

IoT Hub name. Required if --login is not provided.

--login -l

This command supports an entity connection string with rights to perform action. Use to avoid session login via "az login". If both an entity connection string and name are provided the connection string takes priority. Required if --hub-name is not provided.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

az iot hub module-identity list

List modules located on an IoT device in an IoT Hub.

az iot hub module-identity list --device-id
                                [--auth-type {key, login}]
                                [--hub-name]
                                [--login]
                                [--resource-group]
                                [--top]

Required Parameters

--device-id -d

Target Device.

Optional Parameters

--auth-type

Indicates whether the operation should auto-derive a policy key or use the current Azure AD session. You can configure the default using az configure --defaults iothub-data-auth-type=<auth-type-value>.

accepted values: key, login
default value: key
--hub-name -n

IoT Hub name. Required if --login is not provided.

--login -l

This command supports an entity connection string with rights to perform action. Use to avoid session login via "az login". If both an entity connection string and name are provided the connection string takes priority. Required if --hub-name is not provided.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--top

Maximum number of elements to return. Use -1 for unlimited.

default value: 1000

az iot hub module-identity renew-key

Renew target keys of an IoT Hub device module with sas authentication.

az iot hub module-identity renew-key --device-id
                                     --hub-name
                                     --key-type {primary, secondary, swap}
                                     --module-id
                                     [--auth-type {key, login}]
                                     [--etag]
                                     [--login]
                                     [--resource-group]

Examples

Renew the primary key.

az iot hub module-identity renew-key -m {module_name} -d {device_id} -n {iothub_name} --kt primary

Swap the primary and secondary keys.

az iot hub module-identity renew-key -m {module_name} -d {device_id} -n {iothub_name} --kt swap

Required Parameters

--device-id -d

Target Device.

--hub-name -n

IoT Hub name. Required if --login is not provided.

--key-type --kt

Target key type to regenerate.

accepted values: primary, secondary, swap
--module-id -m

Target Module.

Optional Parameters

--auth-type

Indicates whether the operation should auto-derive a policy key or use the current Azure AD session. You can configure the default using az configure --defaults iothub-data-auth-type=<auth-type-value>.

accepted values: key, login
default value: key
--etag -e

Etag or entity tag corresponding to the last state of the resource. If no etag is provided the value '*' is used.

--login -l

This command supports an entity connection string with rights to perform action. Use to avoid session login via "az login". If both an entity connection string and name are provided the connection string takes priority. Required if --hub-name is not provided.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

az iot hub module-identity show

Get the details of an IoT device module in an IoT Hub.

az iot hub module-identity show --device-id
                                --module-id
                                [--auth-type {key, login}]
                                [--hub-name]
                                [--login]
                                [--resource-group]

Required Parameters

--device-id -d

Target Device.

--module-id -m

Target Module.

Optional Parameters

--auth-type

Indicates whether the operation should auto-derive a policy key or use the current Azure AD session. You can configure the default using az configure --defaults iothub-data-auth-type=<auth-type-value>.

accepted values: key, login
default value: key
--hub-name -n

IoT Hub name. Required if --login is not provided.

--login -l

This command supports an entity connection string with rights to perform action. Use to avoid session login via "az login". If both an entity connection string and name are provided the connection string takes priority. Required if --hub-name is not provided.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

az iot hub module-identity update

Update an IoT Hub device module.

Use --set followed by property assignments for updating a module. Leverage properties returned from 'iot hub module-identity show'.

az iot hub module-identity update --device-id
                                  --module-id
                                  [--add]
                                  [--auth-type {key, login}]
                                  [--etag]
                                  [--force-string]
                                  [--hub-name]
                                  [--login]
                                  [--remove]
                                  [--resource-group]
                                  [--set]

Examples

Regenerate module symmetric authentication keys

az iot hub module-identity update -m {module_name} -d {device_id} -n {iothub_name} --set authentication.symmetricKey.primaryKey="" authentication.symmetricKey.secondaryKey=""

Required Parameters

--device-id -d

Target Device.

--module-id -m

Target Module.

Optional Parameters

--add

Add an object to a list of objects by specifying a path and key value pairs. Example: --add property.listProperty <key=value, string or JSON string>.

--auth-type

Indicates whether the operation should auto-derive a policy key or use the current Azure AD session. You can configure the default using az configure --defaults iothub-data-auth-type=<auth-type-value>.

accepted values: key, login
default value: key
--etag -e

Etag or entity tag corresponding to the last state of the resource. If no etag is provided the value '*' is used.

--force-string

When using 'set' or 'add', preserve string literals instead of attempting to convert to JSON.

--hub-name -n

IoT Hub name. Required if --login is not provided.

--login -l

This command supports an entity connection string with rights to perform action. Use to avoid session login via "az login". If both an entity connection string and name are provided the connection string takes priority. Required if --hub-name is not provided.

--remove

Remove a property or an element from a list. Example: --remove property.list OR --remove propertyToRemove.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--set

Update an object by specifying a property path and value to set. Example: --set property1.property2=.