Set-AzRecoveryServicesVaultProperty

Updates properties of a Vault.

Syntax

Set-AzRecoveryServicesVaultProperty
   -SoftDeleteFeatureState <String>
   [-VaultId <String>]
   [-DefaultProfile <IAzureContextContainer>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]
Set-AzRecoveryServicesVaultProperty
   [-VaultId <String>]
   [-DefaultProfile <IAzureContextContainer>]
   -EncryptionKeyId <String>
   [-KeyVaultSubscriptionId <String>]
   [-InfrastructureEncryption]
   [-UseSystemAssignedIdentity <Boolean>]
   [-UserAssignedIdentity <String>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

Description

The Set-AzRecoveryServicesVaultProperty cmdlet updates properties of a Recovery services vault. This cmdlet can be used to enable/disable soft delete or set CMK encryption for a vault with two different parameter sets. SoftDeleteFeatureState property of a vault can be disabled only if there are no registered containers in the vault. InfrastructurEncryption can only be set the first time a user updates the CMK vault.

Examples

Example 1: Update SoftDeleteFeatureState of a vault

PS C:\> $vault = Get-AzRecoveryServicesVault -ResourceGroupName "rgName" -Name "vaultName"
PS C:\> $props = Set-AzRecoveryServicesVaultProperty -VaultId $vault.Id -SoftDeleteFeatureState Enable

The first command gets a Vault object and then stores it in the $vault variable. The second command Updates the SoftDeleteFeatureState property of the vault to "Enabled" state.

Example 2: Update CMK encryption of a vault to use SystemAssigned MSIdentity

PS C:\> $vault = Get-AzRecoveryServicesVault -ResourceGroupName "rgName" -Name "vaultName"
PS C:\> $keyVault = Get-AzKeyVault -VaultName "keyVaultName" -ResourceGroupName "RGName" 
PS C:\> $key = Get-AzKeyVaultKey -VaultName "keyVaultName" -Name "keyName" 
PS C:\> Set-AzRecoveryServicesVaultProperty -EncryptionKeyId $key.ID -InfrastructureEncryption -VaultId $vault.ID -UseSystemAssignedIdentity $true

First cmdlet gets the RSVault to update encryption properties. Second cmdlet gets the azure key vault. Third cmdlet gets the key from the key vault. Fourth cmdlet updates the customer managed encryption key within the RSVault to be accessed via SystemAssigned identity. Use -InfrastructureEncryption param to enable infrastructure encryption for the first time update.

Example 3: Update CMK encryption of a vault to use userAssigned MSIdentity

PS C:\> $vault = Get-AzRecoveryServicesVault -ResourceGroupName "rgName" -Name "vaultName"
PS C:\> $keyVault = Get-AzKeyVault -VaultName "keyVaultName" -ResourceGroupName "RGName" 
PS C:\> $key = Get-AzKeyVaultKey -VaultName "keyVaultName" -Name "keyName" 
PS C:\> Set-AzRecoveryServicesVaultProperty -EncryptionKeyId $key.ID -VaultId $vault.ID -UseSystemAssignedIdentity $false -UserAssignedIdentity $vault.Identity.UserAssignedIdentities.Keys[0]

First cmdlet gets the RSVault to update encryption properties. Second cmdlet gets the azure key vault. Third cmdlet gets the key from the key vault. Fourth cmdlet updates the customer managed encryption key within the RSVault to be accessed via UserAssigned identity.

Parameters

-Confirm

Prompts you for confirmation before running the cmdlet.

Type:SwitchParameter
Aliases:cf
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-DefaultProfile

The credentials, account, tenant, and subscription used for communication with azure.

Type:IAzureContextContainer
Aliases:AzContext, AzureRmContext, AzureCredential
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-EncryptionKeyId

KeyId of the encryption key to be used for CMK.

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-InfrastructureEncryption

Enables infrastructure encryption on this vault. Infrastructure encryption must be enabled when configuring encryption.

Type:SwitchParameter
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-KeyVaultSubscriptionId

Subscription Id of the Key Vault.

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-SoftDeleteFeatureState

SoftDeleteFeatureState of the Recovery Services Vault.

Type:String
Accepted values:Enable, Disable
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-UserAssignedIdentity

ARM Id of UserAssigned Identity to be used for CMK encryption. Provide this parameter if UseSystemAssignedIdentity is $false.

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-UseSystemAssignedIdentity

Boolean flag to indicate if SystemAssigned Identity will be used for CMK encryption. Accepted Vaules: $true, $false

Type:Boolean
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-VaultId

ARM ID of the Recovery Services Vault.

Type:String
Position:Named
Default value:None
Accept pipeline input:True
Accept wildcard characters:False
-WhatIf

Shows what would happen if the cmdlet runs.

Type:SwitchParameter
Aliases:wi
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False

Inputs

String

Microsoft.Azure.Commands.RecoveryServices.Backup.Cmdlets.Models.VaultSoftDeleteFeatureState

Outputs

BackupResourceVaultConfigResource