Completes the following:
- Deploys multiple keyvaults in multiple locations to a specified resource group.
- Adds diagnostic settings linking the keyvaults to the core workspace.
This command forms part of the Core Building Block.
Parameters
-SettingsFile
Required. (String) File path for the settings file to be converted into a settings object.
-SettingsObject
Required. (Object) Object containing the configuration values required to run this cmdlet.
-TagSettingsFile
Required. (String) File path for settings containing tags definition.
-WhatIf
(Switch) Run the command without executing any actions, so that no changes are made. The command will output a description of actions to be performed against the affected resources in the console window. Use this option if you are unsure of the overall impact of your command and wish to review it before committing to making changes.
-Confirm
(Switch) Run the command without executing any actions, so that no changes are made. The command will output a description of actions to be performed against the affected resources in the console window. Use this option if you are unsure of the overall impact of your command and wish to review it before committing to making changes.
Usage
Example 1
New-CmAzCoreKeyVault -SettingsFile "c:/directory/settingsFile.yml"
Example 2
New-CmAzCoreKeyVault -SettingsObject $settings
Settings
Beta documentation
The following schema documentation is automatically generated as part of a recent roadmap task. There may be inaccuracies or incomplete information while we flush out bugs; please refer to the packed project settings examples where necessary.
Settings Root.
- Component
  Value to determine what cmdlet should be dynamically loaded for these settings.
- ResourceGroupName
  Part of key vault's resource group name.
- Location
  Resource group deployment location.
- Service
  Contains dependency and publish details for service location.
  - Dependencies
    Contains dependency details for service location.
    - Workspace
      Dependency value to fetch existing resource type.
    - Actiongroup
      Dependency value to fetch existing resource type.
  - Publish
    Contains publish details for service location.
    - ResourceGroup
      Value to publish on deployed resource type.
    - Keyvault
      Global default value to publish on deployed resource type.
- KeyVaults
  All details required to deploy multiple key vaults.
  - Name
    Becomes part of the generated key vault's name.
  - Type
    Specifies if a user or service principal will be linked to the key vault's access policy.
    Valid values: "ServicePrincipal", "User", "serviceprincipal", "user"
  - Location
    Key vault deployment location.
  - Service
    Contains dependency and publish details for service location.
    - Publish
      Contains publish details for service location.
      - Keyvault
        Local overriding value to publish on deployed existing resource type.
  - EnableSoftDelete
    Enable recovery of deleted key vaults and their objects.
    Default: true
  - SoftDeleteRetentionInDays
    Retention period for the deleted resources.
    Default: 90
  - EnablePurgeProtection
    Prevents key vaults and their objects from being purged until the soft delete retention period has elapsed (can only be enabled once soft delete is enabled).
    Default: true
  - SecretNames
    List of secrets to provision for the deployed key vault.
  - EncryptionKeyNames
    List of key encryption keys for the deployed key vault.
Examples
The following example files are automatically generated from the settings file schema definition to show how the specification can be used in practice. Cloudmarque can accept both JSON and YAML parameter files.
{
  "component": "string",
  "resourceGroupName": "string",
  "location": "string",
  "service": {
    "dependencies": {
      "workspace": "string",
      "actiongroup": "string"
    },
    "publish": {
      "resourceGroup": "string",
      "keyvault": "string"
    }
  },
  "keyVaults": [
    {
      "name": "string",
      "type": "ServicePrincipal",
      "location": "string",
      "service": {
        "publish": {
          "keyvault": "string"
        }
      },
      "enableSoftDelete": "true",
      "softDeleteRetentionInDays": "90",
      "enablePurgeProtection": "true",
      "secretNames": [
        "string"
      ],
      "encryptionKeyNames": [
        "string"
      ]
    }
  ]
}
component: "string"                      # Optional
resourceGroupName: "string"              # Mandatory
location: "string"                       # Mandatory
service:                                 # Mandatory
  dependencies:                          # Mandatory
    workspace: "string"                  # Mandatory
    actiongroup: "string"                # Optional
  publish:                               # Mandatory
    resourceGroup: "string"              # Mandatory
    keyvault: "string"                   # Optional
keyVaults:                               # Mandatory
  - name: "string"                       # Mandatory
    type: "ServicePrincipal"             # Mandatory
    location: "string"                   # Mandatory
    service:                             # Optional
      publish:                           # Optional
        keyvault: "string"               # Optional
    enableSoftDelete: "true"             # Optional
    softDeleteRetentionInDays: "90"      # Optional
    enablePurgeProtection: "true"        # Optional
    secretNames:                         # Optional
      - "string"
    encryptionKeyNames:                  # Optional
      - "string"
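
The soft delete and purge protection settings described above can be checked before a settings file reaches New-CmAzCoreKeyVault. The following is an added example, not Cloudmarque code: Test-CoreKeyVaultSettings is a hypothetical helper, the sample JSON is constructed, and the 7-90 day retention range is Azure Key Vault's limit rather than something stated in this schema.

```powershell
# Hypothetical helper (not a Cloudmarque cmdlet): lints a JSON settings file
# for New-CmAzCoreKeyVault before it is deployed.
function Test-CoreKeyVaultSettings {
    param([Parameter(Mandatory)] [string] $Json)

    $settings = $Json | ConvertFrom-Json
    $findings = @()
    if (-not $settings.service.dependencies.workspace) {
        $findings += 'service.dependencies.workspace missing: vault diagnostics have no workspace'
    }
    foreach ($kv in $settings.keyVaults) {
        $id = "keyVaults[$($kv.name)]"
        foreach ($field in 'name', 'type', 'location') {
            if (-not $kv.$field) { $findings += "${id}: mandatory field '$field' missing" }
        }
        # -notin is case-insensitive, so "serviceprincipal" and "user" also pass.
        if ($kv.type -and $kv.type -notin 'ServicePrincipal', 'User') {
            $findings += "${id}: type '$($kv.type)' is not ServicePrincipal or User"
        }
        # Omitted values fall back to the documented defaults (true, 90, true).
        $softDelete = ($null -eq $kv.enableSoftDelete) -or ("$($kv.enableSoftDelete)" -eq 'true')
        $purgeProt  = ($null -eq $kv.enablePurgeProtection) -or ("$($kv.enablePurgeProtection)" -eq 'true')
        $retention  = if ($null -eq $kv.softDeleteRetentionInDays) { 90 } else { [int]$kv.softDeleteRetentionInDays }

        if (-not $softDelete) { $findings += "${id}: soft delete disabled, deleted vaults and objects cannot be recovered" }
        if ($purgeProt -and -not $softDelete) {
            $findings += "${id}: purge protection requires soft delete to be enabled"
        }
        if (-not $purgeProt) {
            $findings += "${id}: purge protection disabled, deleted objects can be purged before retention elapses"
        }
        # Assumption: Azure Key Vault's 7-90 day retention range applies.
        if ($retention -lt 7 -or $retention -gt 90) {
            $findings += "${id}: softDeleteRetentionInDays $retention is outside 7-90"
        }
    }
    return $findings
}

# Constructed sample settings: the second vault weakens the defaults.
$sample = @'
{ "resourceGroupName": "core-kv", "location": "UK South",
  "service": { "dependencies": { "workspace": "Core" }, "publish": { "resourceGroup": "CoreKv" } },
  "keyVaults": [
    { "name": "app",  "type": "ServicePrincipal", "location": "UK South" },
    { "name": "test", "type": "Group", "location": "UK West",
      "enablePurgeProtection": "false", "softDeleteRetentionInDays": "5" } ] }
'@
Test-CoreKeyVaultSettings -Json $sample
```

On the constructed sample the first vault produces no findings, while the second is reported for its type value, disabled purge protection and out-of-range retention.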