New-AzKeyVaultManagedHsm
Creates a managed HSM.
Note
This is the previous version of our documentation. Please consult the most recent version for up-to-date information.
Syntax
New-AzKeyVaultManagedHsm
[-Name] <String>
[-ResourceGroupName] <String>
[-Location] <String>
[-Administrator] <String[]>
[-Sku <String>]
[-SoftDeleteRetentionInDays <Int32>]
[-PublicNetworkAccess <String>]
[-EnablePurgeProtection]
[-Tag <Hashtable>]
[-AsJob]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[-SubscriptionId <String>]
[<CommonParameters>] Description
The New-AzKeyVaultManagedHsm cmdlet creates a managed HSM in the specified resource group. To add, remove, or list keys in the managed HSM, user should:
- grant permissions by adding user ID to Administrator;
- add role assignment for user like "Managed HSM Crypto User" and so on;
- back up security domain data of a managed HSM using
Export-AzKeyVaultSecurityDomain.
Examples
Example 1: Create a StandardB1 managed HSM
New-AzKeyVaultManagedHsm -Name 'myhsm' -ResourceGroupName 'myrg1' -Location 'eastus2euap' -Administrator "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
Name Resource Group Name Location SKU
---- ------------------- -------- ---
myhsm myrg1 eastus2euap StandardB1This command creates a managed HSM named myhsm in the location eastus2euap. The command adds the managed HSM to the resource group named myrg1. Because the command does not specify a value for the SKU parameter, it creates a Standard_B1 managed HSM.
Example 2: Create a CustomB32 managed HSM
New-AzKeyVaultManagedHsm -Name 'myhsm' -ResourceGroupName 'myrg1' -Location 'eastus2euap' -Administrator "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" -Sku 'CustomB32'
Name Resource Group Name Location SKU
---- ------------------- -------- ---
myhsm myrg1 eastus2euap CustomB32This command creates a managed HSM, just like the previous example. However, it specifies a value of CustomB32 for the SKU parameter to create a CustomB32 managed HSM.
Parameters
Initial administrator object id for this managed HSM pool.
| Type: | String[] |
| Position: | 3 |
| Default value: | None |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
Run cmdlet in the background
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Prompts you for confirmation before running the cmdlet.
| Type: | SwitchParameter |
| Aliases: | cf |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
The credentials, account, tenant, and subscription used for communication with Azure.
| Type: | IAzureContextContainer |
| Aliases: | AzContext, AzureRmContext, AzureCredential |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
specifying whether protection against purge is enabled for this managed HSM pool. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Specifies the Azure region in which to create the key vault. Use the command Get-AzResourceProvider with the ProviderNamespace parameter to see your choices.
| Type: | String |
| Position: | 2 |
| Default value: | None |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
Specifies a name of the managed HSM to create. The name can be any combination of letters, digits, or hyphens. The name must start and end with a letter or digit. The name must be universally unique.
| Type: | String |
| Aliases: | HsmName |
| Position: | 0 |
| Default value: | None |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
Controls permission for data plane traffic coming from public networks while private endpoint is enabled.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Specifies the name of an existing resource group in which to create the key vault.
| Type: | String |
| Position: | 1 |
| Default value: | None |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
Specifies the SKU of the managed HSM instance.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
Specifies how long the deleted managed hsm pool is retained, and how long until the managed hsm pool in the deleted state can be purged. The default is 90 days.
| Type: | Int32 |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
The ID of the subscription. By default, cmdlets are executed in the subscription that is set in the current context. If the user specifies another subscription, the current cmdlet is executed in the subscription specified by the user. Overriding subscriptions only take effect during the lifecycle of the current cmdlet. It does not change the subscription in the context, and does not affect subsequent cmdlets.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
A hash table which represents resource tags.
| Type: | Hashtable |
| Aliases: | Tags |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
Shows what would happen if the cmdlet runs. The cmdlet is not run.
| Type: | SwitchParameter |
| Aliases: | wi |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Inputs
String[]