Docs
PackagesWe recommend using Azure Native.
Azure Classic v5.81.0 published on Monday, Jun 24, 2024 by Pulumi
azure.keyvault.ManagedStorageAccount
Explore with Pulumi AI
Manages a Key Vault Managed Storage Account.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
const current = azure.core.getClientConfig({});
const example = new azure.core.ResourceGroup("example", {
name: "example-resources",
location: "West Europe",
});
const exampleAccount = new azure.storage.Account("example", {
name: "storageaccountname",
resourceGroupName: example.name,
location: example.location,
accountTier: "Standard",
accountReplicationType: "LRS",
});
const exampleKeyVault = new azure.keyvault.KeyVault("example", {
name: "keyvaultname",
location: example.location,
resourceGroupName: example.name,
tenantId: current.then(current => current.tenantId),
skuName: "standard",
accessPolicies: [{
tenantId: current.then(current => current.tenantId),
objectId: current.then(current => current.objectId),
secretPermissions: [
"Get",
"Delete",
],
storagePermissions: [
"Get",
"List",
"Set",
"SetSAS",
"GetSAS",
"DeleteSAS",
"Update",
"RegenerateKey",
],
}],
});
const exampleManagedStorageAccount = new azure.keyvault.ManagedStorageAccount("example", {
name: "examplemanagedstorage",
keyVaultId: exampleKeyVault.id,
storageAccountId: exampleAccount.id,
storageAccountKey: "key1",
regenerateKeyAutomatically: false,
regenerationPeriod: "P1D",
});
import pulumi
import pulumi_azure as azure
current = azure.core.get_client_config()
example = azure.core.ResourceGroup("example",
name="example-resources",
location="West Europe")
example_account = azure.storage.Account("example",
name="storageaccountname",
resource_group_name=example.name,
location=example.location,
account_tier="Standard",
account_replication_type="LRS")
example_key_vault = azure.keyvault.KeyVault("example",
name="keyvaultname",
location=example.location,
resource_group_name=example.name,
tenant_id=current.tenant_id,
sku_name="standard",
access_policies=[azure.keyvault.KeyVaultAccessPolicyArgs(
tenant_id=current.tenant_id,
object_id=current.object_id,
secret_permissions=[
"Get",
"Delete",
],
storage_permissions=[
"Get",
"List",
"Set",
"SetSAS",
"GetSAS",
"DeleteSAS",
"Update",
"RegenerateKey",
],
)])
example_managed_storage_account = azure.keyvault.ManagedStorageAccount("example",
name="examplemanagedstorage",
key_vault_id=example_key_vault.id,
storage_account_id=example_account.id,
storage_account_key="key1",
regenerate_key_automatically=False,
regeneration_period="P1D")
package main
import (
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/keyvault"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/storage"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
current, err := core.GetClientConfig(ctx, nil, nil)
if err != nil {
return err
}
example, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
Name: pulumi.String("example-resources"),
Location: pulumi.String("West Europe"),
})
if err != nil {
return err
}
exampleAccount, err := storage.NewAccount(ctx, "example", &storage.AccountArgs{
Name: pulumi.String("storageaccountname"),
ResourceGroupName: example.Name,
Location: example.Location,
AccountTier: pulumi.String("Standard"),
AccountReplicationType: pulumi.String("LRS"),
})
if err != nil {
return err
}
exampleKeyVault, err := keyvault.NewKeyVault(ctx, "example", &keyvault.KeyVaultArgs{
Name: pulumi.String("keyvaultname"),
Location: example.Location,
ResourceGroupName: example.Name,
TenantId: pulumi.String(current.TenantId),
SkuName: pulumi.String("standard"),
AccessPolicies: keyvault.KeyVaultAccessPolicyArray{
&keyvault.KeyVaultAccessPolicyArgs{
TenantId: pulumi.String(current.TenantId),
ObjectId: pulumi.String(current.ObjectId),
SecretPermissions: pulumi.StringArray{
pulumi.String("Get"),
pulumi.String("Delete"),
},
StoragePermissions: pulumi.StringArray{
pulumi.String("Get"),
pulumi.String("List"),
pulumi.String("Set"),
pulumi.String("SetSAS"),
pulumi.String("GetSAS"),
pulumi.String("DeleteSAS"),
pulumi.String("Update"),
pulumi.String("RegenerateKey"),
},
},
},
})
if err != nil {
return err
}
_, err = keyvault.NewManagedStorageAccount(ctx, "example", &keyvault.ManagedStorageAccountArgs{
Name: pulumi.String("examplemanagedstorage"),
KeyVaultId: exampleKeyVault.ID(),
StorageAccountId: exampleAccount.ID(),
StorageAccountKey: pulumi.String("key1"),
RegenerateKeyAutomatically: pulumi.Bool(false),
RegenerationPeriod: pulumi.String("P1D"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;
return await Deployment.RunAsync(() =>
{
var current = Azure.Core.GetClientConfig.Invoke();
var example = new Azure.Core.ResourceGroup("example", new()
{
Name = "example-resources",
Location = "West Europe",
});
var exampleAccount = new Azure.Storage.Account("example", new()
{
Name = "storageaccountname",
ResourceGroupName = example.Name,
Location = example.Location,
AccountTier = "Standard",
AccountReplicationType = "LRS",
});
var exampleKeyVault = new Azure.KeyVault.KeyVault("example", new()
{
Name = "keyvaultname",
Location = example.Location,
ResourceGroupName = example.Name,
TenantId = current.Apply(getClientConfigResult => getClientConfigResult.TenantId),
SkuName = "standard",
AccessPolicies = new[]
{
new Azure.KeyVault.Inputs.KeyVaultAccessPolicyArgs
{
TenantId = current.Apply(getClientConfigResult => getClientConfigResult.TenantId),
ObjectId = current.Apply(getClientConfigResult => getClientConfigResult.ObjectId),
SecretPermissions = new[]
{
"Get",
"Delete",
},
StoragePermissions = new[]
{
"Get",
"List",
"Set",
"SetSAS",
"GetSAS",
"DeleteSAS",
"Update",
"RegenerateKey",
},
},
},
});
var exampleManagedStorageAccount = new Azure.KeyVault.ManagedStorageAccount("example", new()
{
Name = "examplemanagedstorage",
KeyVaultId = exampleKeyVault.Id,
StorageAccountId = exampleAccount.Id,
StorageAccountKey = "key1",
RegenerateKeyAutomatically = false,
RegenerationPeriod = "P1D",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.CoreFunctions;
import com.pulumi.azure.core.ResourceGroup;
import com.pulumi.azure.core.ResourceGroupArgs;
import com.pulumi.azure.storage.Account;
import com.pulumi.azure.storage.AccountArgs;
import com.pulumi.azure.keyvault.KeyVault;
import com.pulumi.azure.keyvault.KeyVaultArgs;
import com.pulumi.azure.keyvault.inputs.KeyVaultAccessPolicyArgs;
import com.pulumi.azure.keyvault.ManagedStorageAccount;
import com.pulumi.azure.keyvault.ManagedStorageAccountArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var current = CoreFunctions.getClientConfig();
var example = new ResourceGroup("example", ResourceGroupArgs.builder()
.name("example-resources")
.location("West Europe")
.build());
var exampleAccount = new Account("exampleAccount", AccountArgs.builder()
.name("storageaccountname")
.resourceGroupName(example.name())
.location(example.location())
.accountTier("Standard")
.accountReplicationType("LRS")
.build());
var exampleKeyVault = new KeyVault("exampleKeyVault", KeyVaultArgs.builder()
.name("keyvaultname")
.location(example.location())
.resourceGroupName(example.name())
.tenantId(current.applyValue(getClientConfigResult -> getClientConfigResult.tenantId()))
.skuName("standard")
.accessPolicies(KeyVaultAccessPolicyArgs.builder()
.tenantId(current.applyValue(getClientConfigResult -> getClientConfigResult.tenantId()))
.objectId(current.applyValue(getClientConfigResult -> getClientConfigResult.objectId()))
.secretPermissions(
"Get",
"Delete")
.storagePermissions(
"Get",
"List",
"Set",
"SetSAS",
"GetSAS",
"DeleteSAS",
"Update",
"RegenerateKey")
.build())
.build());
var exampleManagedStorageAccount = new ManagedStorageAccount("exampleManagedStorageAccount", ManagedStorageAccountArgs.builder()
.name("examplemanagedstorage")
.keyVaultId(exampleKeyVault.id())
.storageAccountId(exampleAccount.id())
.storageAccountKey("key1")
.regenerateKeyAutomatically(false)
.regenerationPeriod("P1D")
.build());
}
}
resources:
example:
type: azure:core:ResourceGroup
properties:
name: example-resources
location: West Europe
exampleAccount:
type: azure:storage:Account
name: example
properties:
name: storageaccountname
resourceGroupName: ${example.name}
location: ${example.location}
accountTier: Standard
accountReplicationType: LRS
exampleKeyVault:
type: azure:keyvault:KeyVault
name: example
properties:
name: keyvaultname
location: ${example.location}
resourceGroupName: ${example.name}
tenantId: ${current.tenantId}
skuName: standard
accessPolicies:
- tenantId: ${current.tenantId}
objectId: ${current.objectId}
secretPermissions:
- Get
- Delete
storagePermissions:
- Get
- List
- Set
- SetSAS
- GetSAS
- DeleteSAS
- Update
- RegenerateKey
exampleManagedStorageAccount:
type: azure:keyvault:ManagedStorageAccount
name: example
properties:
name: examplemanagedstorage
keyVaultId: ${exampleKeyVault.id}
storageAccountId: ${exampleAccount.id}
storageAccountKey: key1
regenerateKeyAutomatically: false
regenerationPeriod: P1D
variables:
current:
fn::invoke:
Function: azure:core:getClientConfig
Arguments: {}
Automatically Regenerate Storage Account Access Key)
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
import * as azuread from "@pulumi/azuread";
const current = azure.core.getClientConfig({});
const test = azuread.getServicePrincipal({
applicationId: "cfa8b339-82a2-471a-a3c9-0fc0be7a4093",
});
const example = new azure.core.ResourceGroup("example", {
name: "example-resources",
location: "West Europe",
});
const exampleAccount = new azure.storage.Account("example", {
name: "storageaccountname",
resourceGroupName: example.name,
location: example.location,
accountTier: "Standard",
accountReplicationType: "LRS",
});
const exampleKeyVault = new azure.keyvault.KeyVault("example", {
name: "keyvaultname",
location: example.location,
resourceGroupName: example.name,
tenantId: current.then(current => current.tenantId),
skuName: "standard",
accessPolicies: [{
tenantId: current.then(current => current.tenantId),
objectId: current.then(current => current.objectId),
secretPermissions: [
"Get",
"Delete",
],
storagePermissions: [
"Get",
"List",
"Set",
"SetSAS",
"GetSAS",
"DeleteSAS",
"Update",
"RegenerateKey",
],
}],
});
const exampleAssignment = new azure.authorization.Assignment("example", {
scope: exampleAccount.id,
roleDefinitionName: "Storage Account Key Operator Service Role",
principalId: test.then(test => test.id),
});
const exampleManagedStorageAccount = new azure.keyvault.ManagedStorageAccount("example", {
name: "examplemanagedstorage",
keyVaultId: exampleKeyVault.id,
storageAccountId: exampleAccount.id,
storageAccountKey: "key1",
regenerateKeyAutomatically: true,
regenerationPeriod: "P1D",
}, {
dependsOn: [exampleAssignment],
});
import pulumi
import pulumi_azure as azure
import pulumi_azuread as azuread
current = azure.core.get_client_config()
test = azuread.get_service_principal(application_id="cfa8b339-82a2-471a-a3c9-0fc0be7a4093")
example = azure.core.ResourceGroup("example",
name="example-resources",
location="West Europe")
example_account = azure.storage.Account("example",
name="storageaccountname",
resource_group_name=example.name,
location=example.location,
account_tier="Standard",
account_replication_type="LRS")
example_key_vault = azure.keyvault.KeyVault("example",
name="keyvaultname",
location=example.location,
resource_group_name=example.name,
tenant_id=current.tenant_id,
sku_name="standard",
access_policies=[azure.keyvault.KeyVaultAccessPolicyArgs(
tenant_id=current.tenant_id,
object_id=current.object_id,
secret_permissions=[
"Get",
"Delete",
],
storage_permissions=[
"Get",
"List",
"Set",
"SetSAS",
"GetSAS",
"DeleteSAS",
"Update",
"RegenerateKey",
],
)])
example_assignment = azure.authorization.Assignment("example",
scope=example_account.id,
role_definition_name="Storage Account Key Operator Service Role",
principal_id=test.id)
example_managed_storage_account = azure.keyvault.ManagedStorageAccount("example",
name="examplemanagedstorage",
key_vault_id=example_key_vault.id,
storage_account_id=example_account.id,
storage_account_key="key1",
regenerate_key_automatically=True,
regeneration_period="P1D",
opts=pulumi.ResourceOptions(depends_on=[example_assignment]))
package main
import (
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/authorization"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/keyvault"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/storage"
"github.com/pulumi/pulumi-azuread/sdk/v5/go/azuread"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
current, err := core.GetClientConfig(ctx, nil, nil)
if err != nil {
return err
}
test, err := azuread.LookupServicePrincipal(ctx, &azuread.LookupServicePrincipalArgs{
ApplicationId: pulumi.StringRef("cfa8b339-82a2-471a-a3c9-0fc0be7a4093"),
}, nil)
if err != nil {
return err
}
example, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
Name: pulumi.String("example-resources"),
Location: pulumi.String("West Europe"),
})
if err != nil {
return err
}
exampleAccount, err := storage.NewAccount(ctx, "example", &storage.AccountArgs{
Name: pulumi.String("storageaccountname"),
ResourceGroupName: example.Name,
Location: example.Location,
AccountTier: pulumi.String("Standard"),
AccountReplicationType: pulumi.String("LRS"),
})
if err != nil {
return err
}
exampleKeyVault, err := keyvault.NewKeyVault(ctx, "example", &keyvault.KeyVaultArgs{
Name: pulumi.String("keyvaultname"),
Location: example.Location,
ResourceGroupName: example.Name,
TenantId: pulumi.String(current.TenantId),
SkuName: pulumi.String("standard"),
AccessPolicies: keyvault.KeyVaultAccessPolicyArray{
&keyvault.KeyVaultAccessPolicyArgs{
TenantId: pulumi.String(current.TenantId),
ObjectId: pulumi.String(current.ObjectId),
SecretPermissions: pulumi.StringArray{
pulumi.String("Get"),
pulumi.String("Delete"),
},
StoragePermissions: pulumi.StringArray{
pulumi.String("Get"),
pulumi.String("List"),
pulumi.String("Set"),
pulumi.String("SetSAS"),
pulumi.String("GetSAS"),
pulumi.String("DeleteSAS"),
pulumi.String("Update"),
pulumi.String("RegenerateKey"),
},
},
},
})
if err != nil {
return err
}
exampleAssignment, err := authorization.NewAssignment(ctx, "example", &authorization.AssignmentArgs{
Scope: exampleAccount.ID(),
RoleDefinitionName: pulumi.String("Storage Account Key Operator Service Role"),
PrincipalId: pulumi.String(test.Id),
})
if err != nil {
return err
}
_, err = keyvault.NewManagedStorageAccount(ctx, "example", &keyvault.ManagedStorageAccountArgs{
Name: pulumi.String("examplemanagedstorage"),
KeyVaultId: exampleKeyVault.ID(),
StorageAccountId: exampleAccount.ID(),
StorageAccountKey: pulumi.String("key1"),
RegenerateKeyAutomatically: pulumi.Bool(true),
RegenerationPeriod: pulumi.String("P1D"),
}, pulumi.DependsOn([]pulumi.Resource{
exampleAssignment,
}))
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;
using AzureAD = Pulumi.AzureAD;
return await Deployment.RunAsync(() =>
{
var current = Azure.Core.GetClientConfig.Invoke();
var test = AzureAD.GetServicePrincipal.Invoke(new()
{
ApplicationId = "cfa8b339-82a2-471a-a3c9-0fc0be7a4093",
});
var example = new Azure.Core.ResourceGroup("example", new()
{
Name = "example-resources",
Location = "West Europe",
});
var exampleAccount = new Azure.Storage.Account("example", new()
{
Name = "storageaccountname",
ResourceGroupName = example.Name,
Location = example.Location,
AccountTier = "Standard",
AccountReplicationType = "LRS",
});
var exampleKeyVault = new Azure.KeyVault.KeyVault("example", new()
{
Name = "keyvaultname",
Location = example.Location,
ResourceGroupName = example.Name,
TenantId = current.Apply(getClientConfigResult => getClientConfigResult.TenantId),
SkuName = "standard",
AccessPolicies = new[]
{
new Azure.KeyVault.Inputs.KeyVaultAccessPolicyArgs
{
TenantId = current.Apply(getClientConfigResult => getClientConfigResult.TenantId),
ObjectId = current.Apply(getClientConfigResult => getClientConfigResult.ObjectId),
SecretPermissions = new[]
{
"Get",
"Delete",
},
StoragePermissions = new[]
{
"Get",
"List",
"Set",
"SetSAS",
"GetSAS",
"DeleteSAS",
"Update",
"RegenerateKey",
},
},
},
});
var exampleAssignment = new Azure.Authorization.Assignment("example", new()
{
Scope = exampleAccount.Id,
RoleDefinitionName = "Storage Account Key Operator Service Role",
PrincipalId = test.Apply(getServicePrincipalResult => getServicePrincipalResult.Id),
});
var exampleManagedStorageAccount = new Azure.KeyVault.ManagedStorageAccount("example", new()
{
Name = "examplemanagedstorage",
KeyVaultId = exampleKeyVault.Id,
StorageAccountId = exampleAccount.Id,
StorageAccountKey = "key1",
RegenerateKeyAutomatically = true,
RegenerationPeriod = "P1D",
}, new CustomResourceOptions
{
DependsOn =
{
exampleAssignment,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.CoreFunctions;
import com.pulumi.azuread.AzureadFunctions;
import com.pulumi.azuread.inputs.GetServicePrincipalArgs;
import com.pulumi.azure.core.ResourceGroup;
import com.pulumi.azure.core.ResourceGroupArgs;
import com.pulumi.azure.storage.Account;
import com.pulumi.azure.storage.AccountArgs;
import com.pulumi.azure.keyvault.KeyVault;
import com.pulumi.azure.keyvault.KeyVaultArgs;
import com.pulumi.azure.keyvault.inputs.KeyVaultAccessPolicyArgs;
import com.pulumi.azure.authorization.Assignment;
import com.pulumi.azure.authorization.AssignmentArgs;
import com.pulumi.azure.keyvault.ManagedStorageAccount;
import com.pulumi.azure.keyvault.ManagedStorageAccountArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var current = CoreFunctions.getClientConfig();
final var test = AzureadFunctions.getServicePrincipal(GetServicePrincipalArgs.builder()
.applicationId("cfa8b339-82a2-471a-a3c9-0fc0be7a4093")
.build());
var example = new ResourceGroup("example", ResourceGroupArgs.builder()
.name("example-resources")
.location("West Europe")
.build());
var exampleAccount = new Account("exampleAccount", AccountArgs.builder()
.name("storageaccountname")
.resourceGroupName(example.name())
.location(example.location())
.accountTier("Standard")
.accountReplicationType("LRS")
.build());
var exampleKeyVault = new KeyVault("exampleKeyVault", KeyVaultArgs.builder()
.name("keyvaultname")
.location(example.location())
.resourceGroupName(example.name())
.tenantId(current.applyValue(getClientConfigResult -> getClientConfigResult.tenantId()))
.skuName("standard")
.accessPolicies(KeyVaultAccessPolicyArgs.builder()
.tenantId(current.applyValue(getClientConfigResult -> getClientConfigResult.tenantId()))
.objectId(current.applyValue(getClientConfigResult -> getClientConfigResult.objectId()))
.secretPermissions(
"Get",
"Delete")
.storagePermissions(
"Get",
"List",
"Set",
"SetSAS",
"GetSAS",
"DeleteSAS",
"Update",
"RegenerateKey")
.build())
.build());
var exampleAssignment = new Assignment("exampleAssignment", AssignmentArgs.builder()
.scope(exampleAccount.id())
.roleDefinitionName("Storage Account Key Operator Service Role")
.principalId(test.applyValue(getServicePrincipalResult -> getServicePrincipalResult.id()))
.build());
var exampleManagedStorageAccount = new ManagedStorageAccount("exampleManagedStorageAccount", ManagedStorageAccountArgs.builder()
.name("examplemanagedstorage")
.keyVaultId(exampleKeyVault.id())
.storageAccountId(exampleAccount.id())
.storageAccountKey("key1")
.regenerateKeyAutomatically(true)
.regenerationPeriod("P1D")
.build(), CustomResourceOptions.builder()
.dependsOn(exampleAssignment)
.build());
}
}
resources:
example:
type: azure:core:ResourceGroup
properties:
name: example-resources
location: West Europe
exampleAccount:
type: azure:storage:Account
name: example
properties:
name: storageaccountname
resourceGroupName: ${example.name}
location: ${example.location}
accountTier: Standard
accountReplicationType: LRS
exampleKeyVault:
type: azure:keyvault:KeyVault
name: example
properties:
name: keyvaultname
location: ${example.location}
resourceGroupName: ${example.name}
tenantId: ${current.tenantId}
skuName: standard
accessPolicies:
- tenantId: ${current.tenantId}
objectId: ${current.objectId}
secretPermissions:
- Get
- Delete
storagePermissions:
- Get
- List
- Set
- SetSAS
- GetSAS
- DeleteSAS
- Update
- RegenerateKey
exampleAssignment:
type: azure:authorization:Assignment
name: example
properties:
scope: ${exampleAccount.id}
roleDefinitionName: Storage Account Key Operator Service Role
principalId: ${test.id}
exampleManagedStorageAccount:
type: azure:keyvault:ManagedStorageAccount
name: example
properties:
name: examplemanagedstorage
keyVaultId: ${exampleKeyVault.id}
storageAccountId: ${exampleAccount.id}
storageAccountKey: key1
regenerateKeyAutomatically: true
regenerationPeriod: P1D
options:
dependson:
- ${exampleAssignment}
variables:
current:
fn::invoke:
Function: azure:core:getClientConfig
Arguments: {}
test:
fn::invoke:
Function: azuread:getServicePrincipal
Arguments:
applicationId: cfa8b339-82a2-471a-a3c9-0fc0be7a4093
Create ManagedStorageAccount Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new ManagedStorageAccount(name: string, args: ManagedStorageAccountArgs, opts?: CustomResourceOptions);@overload
def ManagedStorageAccount(resource_name: str,
args: ManagedStorageAccountArgs,
opts: Optional[ResourceOptions] = None)
@overload
def ManagedStorageAccount(resource_name: str,
opts: Optional[ResourceOptions] = None,
key_vault_id: Optional[str] = None,
storage_account_id: Optional[str] = None,
storage_account_key: Optional[str] = None,
name: Optional[str] = None,
regenerate_key_automatically: Optional[bool] = None,
regeneration_period: Optional[str] = None,
tags: Optional[Mapping[str, str]] = None)func NewManagedStorageAccount(ctx *Context, name string, args ManagedStorageAccountArgs, opts ...ResourceOption) (*ManagedStorageAccount, error)public ManagedStorageAccount(string name, ManagedStorageAccountArgs args, CustomResourceOptions? opts = null)
public ManagedStorageAccount(String name, ManagedStorageAccountArgs args)
public ManagedStorageAccount(String name, ManagedStorageAccountArgs args, CustomResourceOptions options)
type: azure:keyvault:ManagedStorageAccount
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args ManagedStorageAccountArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args ManagedStorageAccountArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args ManagedStorageAccountArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args ManagedStorageAccountArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args ManagedStorageAccountArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var managedStorageAccountResource = new Azure.KeyVault.ManagedStorageAccount("managedStorageAccountResource", new()
{
KeyVaultId = "string",
StorageAccountId = "string",
StorageAccountKey = "string",
Name = "string",
RegenerateKeyAutomatically = false,
RegenerationPeriod = "string",
Tags =
{
{ "string", "string" },
},
});
example, err := keyvault.NewManagedStorageAccount(ctx, "managedStorageAccountResource", &keyvault.ManagedStorageAccountArgs{
KeyVaultId: pulumi.String("string"),
StorageAccountId: pulumi.String("string"),
StorageAccountKey: pulumi.String("string"),
Name: pulumi.String("string"),
RegenerateKeyAutomatically: pulumi.Bool(false),
RegenerationPeriod: pulumi.String("string"),
Tags: pulumi.StringMap{
"string": pulumi.String("string"),
},
})
var managedStorageAccountResource = new ManagedStorageAccount("managedStorageAccountResource", ManagedStorageAccountArgs.builder()
.keyVaultId("string")
.storageAccountId("string")
.storageAccountKey("string")
.name("string")
.regenerateKeyAutomatically(false)
.regenerationPeriod("string")
.tags(Map.of("string", "string"))
.build());
managed_storage_account_resource = azure.keyvault.ManagedStorageAccount("managedStorageAccountResource",
key_vault_id="string",
storage_account_id="string",
storage_account_key="string",
name="string",
regenerate_key_automatically=False,
regeneration_period="string",
tags={
"string": "string",
})
const managedStorageAccountResource = new azure.keyvault.ManagedStorageAccount("managedStorageAccountResource", {
keyVaultId: "string",
storageAccountId: "string",
storageAccountKey: "string",
name: "string",
regenerateKeyAutomatically: false,
regenerationPeriod: "string",
tags: {
string: "string",
},
});
type: azure:keyvault:ManagedStorageAccount
properties:
keyVaultId: string
name: string
regenerateKeyAutomatically: false
regenerationPeriod: string
storageAccountId: string
storageAccountKey: string
tags:
string: string
ManagedStorageAccount Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The ManagedStorageAccount resource accepts the following input properties:
- Key
Vault stringId - The ID of the Key Vault where the Managed Storage Account should be created. Changing this forces a new resource to be created.
- Storage
Account stringId - The ID of the Storage Account.
- Storage
Account stringKey - Which Storage Account access key that is managed by Key Vault. Possible values are
key1andkey2. - Name string
- The name which should be used for this Key Vault Managed Storage Account. Changing this forces a new Key Vault Managed Storage Account to be created.
- Regenerate
Key boolAutomatically Should Storage Account access key be regenerated periodically?
NOTE: Azure Key Vault application needs to have access to Storage Account for auto regeneration to work. Example can be found above.
- Regeneration
Period string - How often Storage Account access key should be regenerated. Value needs to be in ISO 8601 duration format.
- Dictionary<string, string>
- A mapping of tags which should be assigned to the Key Vault Managed Storage Account. Changing this forces a new resource to be created.
- Key
Vault stringId - The ID of the Key Vault where the Managed Storage Account should be created. Changing this forces a new resource to be created.
- Storage
Account stringId - The ID of the Storage Account.
- Storage
Account stringKey - Which Storage Account access key that is managed by Key Vault. Possible values are
key1andkey2. - Name string
- The name which should be used for this Key Vault Managed Storage Account. Changing this forces a new Key Vault Managed Storage Account to be created.
- Regenerate
Key boolAutomatically Should Storage Account access key be regenerated periodically?
NOTE: Azure Key Vault application needs to have access to Storage Account for auto regeneration to work. Example can be found above.
- Regeneration
Period string - How often Storage Account access key should be regenerated. Value needs to be in ISO 8601 duration format.
- map[string]string
- A mapping of tags which should be assigned to the Key Vault Managed Storage Account. Changing this forces a new resource to be created.
- key
Vault StringId - The ID of the Key Vault where the Managed Storage Account should be created. Changing this forces a new resource to be created.
- storage
Account StringId - The ID of the Storage Account.
- storage
Account StringKey - Which Storage Account access key that is managed by Key Vault. Possible values are
key1andkey2. - name String
- The name which should be used for this Key Vault Managed Storage Account. Changing this forces a new Key Vault Managed Storage Account to be created.
- regenerate
Key BooleanAutomatically Should Storage Account access key be regenerated periodically?
NOTE: Azure Key Vault application needs to have access to Storage Account for auto regeneration to work. Example can be found above.
- regeneration
Period String - How often Storage Account access key should be regenerated. Value needs to be in ISO 8601 duration format.
- Map<String,String>
- A mapping of tags which should be assigned to the Key Vault Managed Storage Account. Changing this forces a new resource to be created.
- key
Vault stringId - The ID of the Key Vault where the Managed Storage Account should be created. Changing this forces a new resource to be created.
- storage
Account stringId - The ID of the Storage Account.
- storage
Account stringKey - Which Storage Account access key that is managed by Key Vault. Possible values are
key1andkey2. - name string
- The name which should be used for this Key Vault Managed Storage Account. Changing this forces a new Key Vault Managed Storage Account to be created.
- regenerate
Key booleanAutomatically Should Storage Account access key be regenerated periodically?
NOTE: Azure Key Vault application needs to have access to Storage Account for auto regeneration to work. Example can be found above.
- regeneration
Period string - How often Storage Account access key should be regenerated. Value needs to be in ISO 8601 duration format.
- {[key: string]: string}
- A mapping of tags which should be assigned to the Key Vault Managed Storage Account. Changing this forces a new resource to be created.
- key_
vault_ strid - The ID of the Key Vault where the Managed Storage Account should be created. Changing this forces a new resource to be created.
- storage_
account_ strid - The ID of the Storage Account.
- storage_
account_ strkey - Which Storage Account access key that is managed by Key Vault. Possible values are
key1andkey2. - name str
- The name which should be used for this Key Vault Managed Storage Account. Changing this forces a new Key Vault Managed Storage Account to be created.
- regenerate_
key_ boolautomatically Should Storage Account access key be regenerated periodically?
NOTE: Azure Key Vault application needs to have access to Storage Account for auto regeneration to work. Example can be found above.
- regeneration_
period str - How often Storage Account access key should be regenerated. Value needs to be in ISO 8601 duration format.
- Mapping[str, str]
- A mapping of tags which should be assigned to the Key Vault Managed Storage Account. Changing this forces a new resource to be created.
- key
Vault StringId - The ID of the Key Vault where the Managed Storage Account should be created. Changing this forces a new resource to be created.
- storage
Account StringId - The ID of the Storage Account.
- storage
Account StringKey - Which Storage Account access key that is managed by Key Vault. Possible values are
key1andkey2. - name String
- The name which should be used for this Key Vault Managed Storage Account. Changing this forces a new Key Vault Managed Storage Account to be created.
- regenerate
Key BooleanAutomatically Should Storage Account access key be regenerated periodically?
NOTE: Azure Key Vault application needs to have access to Storage Account for auto regeneration to work. Example can be found above.
- regeneration
Period String - How often Storage Account access key should be regenerated. Value needs to be in ISO 8601 duration format.
- Map<String>
- A mapping of tags which should be assigned to the Key Vault Managed Storage Account. Changing this forces a new resource to be created.
Outputs
All input properties are implicitly available as output properties. Additionally, the ManagedStorageAccount resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing ManagedStorageAccount Resource
Get an existing ManagedStorageAccount resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: ManagedStorageAccountState, opts?: CustomResourceOptions): ManagedStorageAccount@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
key_vault_id: Optional[str] = None,
name: Optional[str] = None,
regenerate_key_automatically: Optional[bool] = None,
regeneration_period: Optional[str] = None,
storage_account_id: Optional[str] = None,
storage_account_key: Optional[str] = None,
tags: Optional[Mapping[str, str]] = None) -> ManagedStorageAccountfunc GetManagedStorageAccount(ctx *Context, name string, id IDInput, state *ManagedStorageAccountState, opts ...ResourceOption) (*ManagedStorageAccount, error)public static ManagedStorageAccount Get(string name, Input<string> id, ManagedStorageAccountState? state, CustomResourceOptions? opts = null)public static ManagedStorageAccount get(String name, Output<String> id, ManagedStorageAccountState state, CustomResourceOptions options)Resource lookup is not supported in YAML- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Key
Vault stringId - The ID of the Key Vault where the Managed Storage Account should be created. Changing this forces a new resource to be created.
- Name string
- The name which should be used for this Key Vault Managed Storage Account. Changing this forces a new Key Vault Managed Storage Account to be created.
- Regenerate
Key boolAutomatically Should Storage Account access key be regenerated periodically?
NOTE: Azure Key Vault application needs to have access to Storage Account for auto regeneration to work. Example can be found above.
- Regeneration
Period string - How often Storage Account access key should be regenerated. Value needs to be in ISO 8601 duration format.
- Storage
Account stringId - The ID of the Storage Account.
- Storage
Account stringKey - Which Storage Account access key that is managed by Key Vault. Possible values are
key1andkey2. - Dictionary<string, string>
- A mapping of tags which should be assigned to the Key Vault Managed Storage Account. Changing this forces a new resource to be created.
- Key
Vault stringId - The ID of the Key Vault where the Managed Storage Account should be created. Changing this forces a new resource to be created.
- Name string
- The name which should be used for this Key Vault Managed Storage Account. Changing this forces a new Key Vault Managed Storage Account to be created.
- Regenerate
Key boolAutomatically Should Storage Account access key be regenerated periodically?
NOTE: Azure Key Vault application needs to have access to Storage Account for auto regeneration to work. Example can be found above.
- Regeneration
Period string - How often Storage Account access key should be regenerated. Value needs to be in ISO 8601 duration format.
- Storage
Account stringId - The ID of the Storage Account.
- Storage
Account stringKey - Which Storage Account access key that is managed by Key Vault. Possible values are
key1andkey2. - map[string]string
- A mapping of tags which should be assigned to the Key Vault Managed Storage Account. Changing this forces a new resource to be created.
- key
Vault StringId - The ID of the Key Vault where the Managed Storage Account should be created. Changing this forces a new resource to be created.
- name String
- The name which should be used for this Key Vault Managed Storage Account. Changing this forces a new Key Vault Managed Storage Account to be created.
- regenerate
Key BooleanAutomatically Should Storage Account access key be regenerated periodically?
NOTE: Azure Key Vault application needs to have access to Storage Account for auto regeneration to work. Example can be found above.
- regeneration
Period String - How often Storage Account access key should be regenerated. Value needs to be in ISO 8601 duration format.
- storage
Account StringId - The ID of the Storage Account.
- storage
Account StringKey - Which Storage Account access key that is managed by Key Vault. Possible values are
key1andkey2. - Map<String,String>
- A mapping of tags which should be assigned to the Key Vault Managed Storage Account. Changing this forces a new resource to be created.
- key
Vault stringId - The ID of the Key Vault where the Managed Storage Account should be created. Changing this forces a new resource to be created.
- name string
- The name which should be used for this Key Vault Managed Storage Account. Changing this forces a new Key Vault Managed Storage Account to be created.
- regenerate
Key booleanAutomatically Should Storage Account access key be regenerated periodically?
NOTE: Azure Key Vault application needs to have access to Storage Account for auto regeneration to work. Example can be found above.
- regeneration
Period string - How often Storage Account access key should be regenerated. Value needs to be in ISO 8601 duration format.
- storage
Account stringId - The ID of the Storage Account.
- storage
Account stringKey - Which Storage Account access key that is managed by Key Vault. Possible values are
key1andkey2. - {[key: string]: string}
- A mapping of tags which should be assigned to the Key Vault Managed Storage Account. Changing this forces a new resource to be created.
- key_
vault_ strid - The ID of the Key Vault where the Managed Storage Account should be created. Changing this forces a new resource to be created.
- name str
- The name which should be used for this Key Vault Managed Storage Account. Changing this forces a new Key Vault Managed Storage Account to be created.
- regenerate_
key_ boolautomatically Should Storage Account access key be regenerated periodically?
NOTE: Azure Key Vault application needs to have access to Storage Account for auto regeneration to work. Example can be found above.
- regeneration_
period str - How often Storage Account access key should be regenerated. Value needs to be in ISO 8601 duration format.
- storage_
account_ strid - The ID of the Storage Account.
- storage_
account_ strkey - Which Storage Account access key that is managed by Key Vault. Possible values are
key1andkey2. - Mapping[str, str]
- A mapping of tags which should be assigned to the Key Vault Managed Storage Account. Changing this forces a new resource to be created.
- key
Vault StringId - The ID of the Key Vault where the Managed Storage Account should be created. Changing this forces a new resource to be created.
- name String
- The name which should be used for this Key Vault Managed Storage Account. Changing this forces a new Key Vault Managed Storage Account to be created.
- regenerate
Key BooleanAutomatically Should Storage Account access key be regenerated periodically?
NOTE: Azure Key Vault application needs to have access to Storage Account for auto regeneration to work. Example can be found above.
- regeneration
Period String - How often Storage Account access key should be regenerated. Value needs to be in ISO 8601 duration format.
- storage
Account StringId - The ID of the Storage Account.
- storage
Account StringKey - Which Storage Account access key that is managed by Key Vault. Possible values are
key1andkey2. - Map<String>
- A mapping of tags which should be assigned to the Key Vault Managed Storage Account. Changing this forces a new resource to be created.
Import
Key Vault Managed Storage Accounts can be imported using the resource id, e.g.
$ pulumi import azure:keyvault/managedStorageAccount:ManagedStorageAccount example https://example-keyvault.vault.azure.net/storage/exampleStorageAcc01
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Azure Classic pulumi/pulumi-azure
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
azurermTerraform Provider.