Backup-AzKeyVault
Fully backup a managed HSM.
Syntax
Backup-AzKeyVault
[-HsmName] <String>
-StorageAccountName <String>
-StorageContainerName <String>
[-SasToken <SecureString>]
[-UseUserManagedIdentity]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Backup-AzKeyVault
[-HsmName] <String>
-StorageContainerUri <Uri>
[-SasToken <SecureString>]
[-UseUserManagedIdentity]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Backup-AzKeyVault
-StorageContainerUri <Uri>
[-SasToken <SecureString>]
[-UseUserManagedIdentity]
-HsmObject <PSManagedHsm>
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Backup-AzKeyVault
-StorageAccountName <String>
-StorageContainerName <String>
[-SasToken <SecureString>]
[-UseUserManagedIdentity]
-HsmObject <PSManagedHsm>
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Description
Fully backup a managed HSM to a storage account.
Use Restore-AzKeyVault to restore the backup.
Examples
Example 1 Backup an HSM to Storage Container using SAS token
$sasToken = ConvertTo-SecureString -AsPlainText -Force "?sv=2019-12-12&ss=bfqt&srt=sco&sp=rwdlacupx&se=2020-10-12T14:42:19Z&st=2020-10-12T06:42:19Z&spr=https&sig=******"
Backup-AzKeyVault -HsmName myHsm -StorageContainerUri "https://{accountName}.blob.core.windows.net/{containerName}" -SasToken $sasToken
https://{accountName}.blob.core.windows.net/{containerName}/{backupFolder}The cmdlet will create a folder (typically named mhsm-{name}-{timestamp}) in the storage container, store the backup in that folder and output the folder URI.
Example 2 Backup an HSM to Storage Container via User Assigned Managed Identity Authentication
# Make sure an identity is assigend to the Hsm
Update-AzKeyVaultManagedHsm -UserAssignedIdentity "/subscriptions/{sub-id}/resourceGroups/{rg-name}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identity-name}"
Backup-AzKeyVault -HsmName myHsm -StorageContainerUri "https://{accountName}.blob.core.windows.net/{containerName}" -UseUserManagedIdentity
https://{accountName}.blob.core.windows.net/{containerName}/{backupFolder}The cmdlet will backup the hsm in specific Storage Container and output the folder URI via User Assigned Managed Identity Authentication. The Managed Identity should be assigned access permission to the storage container.
Example 3 Backup an HSM to Storage Container using Storage Account Name and Storage Container
Backup-AzKeyVault -HsmName myHsm -StorageAccountName "{accountName}" -StorageContainerName "{containerName}" -UseUserManagedIdentity
https://{accountName}.blob.core.windows.net/{containerName}/{backupFolder}The cmdlet will create a folder (typically named mhsm-{name}-{timestamp}) in the storage container, store the backup in that folder and output the folder URI.
Parameters
-Confirm
Prompts you for confirmation before running the cmdlet.
| Type: | SwitchParameter |
| Aliases: | cf |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-DefaultProfile
The credentials, account, tenant, and subscription used for communication with Azure.
| Type: | IAzureContextContainer |
| Aliases: | AzContext, AzureRmContext, AzureCredential |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-HsmName
Name of the HSM.
| Type: | String |
| Position: | 1 |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-HsmObject
Managed HSM object
| Type: | PSManagedHsm |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-SasToken
The shared access signature (SAS) token to authenticate the storage account.
| Type: | SecureString |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-StorageAccountName
Name of the storage account where the backup is going to be stored.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-StorageContainerName
Name of the blob container where the backup is going to be stored.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-StorageContainerUri
URI of the storage container where the backup is going to be stored.
| Type: | Uri |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-UseUserManagedIdentity
Specified to use User Managed Identity to authenticate the storage account. Only valid when SasToken is not set.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet is not run.
| Type: | SwitchParameter |
| Aliases: | wi |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Inputs
None
Outputs
Azure PowerShell
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for