New-CmAzCoreKeyVault

Creates keyvaults for a specified resource group in the current subscription.

Completes the following:

  • Deploys multiple keyvaults in multiple locations to a specified resource group.
  • Adds diagnostic settings linking the keyvaults to the core workspace.

This command forms part of the Core Building Block.

Parameters

-SettingsFile

Required. (String) File path for the settings file to be converted into a settings object.

-SettingsObject

Required. (Object) Object containing the configuration values required to run this cmdlet.

-TagSettingsFile

Required. (String) File path for settings containing tags definition.

-WhatIf

(Switch) Run the command without executing any actions, so that no changes are made. The command will output a description of actions to be performed against the affected resources in the console window. Use this option if you are unsure of the overall impact of your command and wish to review it before committing to making changes.

-Confirm

(Switch) Prompts for confirmation before each action is performed against the affected resources, so that changes are only made once you approve them.

Usage

Example 1

New-CmAzCoreKeyVault -SettingsFile "c:/directory/settingsFile.yml"

Example 2

New-CmAzCoreKeyVault -SettingsObject $settings

Settings

Beta documentation
The following schema documentation is automatically generated as part of a recent roadmap task. There may be inaccuracies or incomplete information while we flush out bugs; please refer to the packed project settings examples where necessary.

Settings Root.

Component

component [string | null]

Value to determine what cmdlet should be dynamically loaded for these settings.

ResourceGroupName

resourceGroupName [string] Mandatory

Part of key vault's resource group name.

Location

location [string] Mandatory

Resource group deployment location.

Service

service [object] Mandatory

Contains dependency and publish details for service location.

Dependencies

dependencies [object]

Contains dependency details for service location.

Workspace

workspace [string]

Dependency value to fetch existing resource type.

Actiongroup

actiongroup [string | null]

Dependency value to fetch existing resource type.

Publish

publish [object]

Contains publish details for service location.

ResourceGroup

resourceGroup [string]

Value to publish on deployed resource type.

Keyvault

keyvault [string | null]

Global default value to publish on deployed resource type.

KeyVaults

keyVaults [array] Mandatory

All details required to deploy multiple key vaults.

Name

name [string]

Becomes part of the generated key vault's name.

Type

type [string]

Specifies if a user or service principal will be linked to the key vault's access policy.

Valid values: "ServicePrincipal", "User", "serviceprincipal", "user"

Location

location [string] Mandatory

Key vault deployment location.

Service

service [object | null] Mandatory

Contains dependency and publish details for service location.

Publish

publish [object | null]

Contains publish details for service location.

Keyvault

keyvault [string | null]

Local overriding value to publish on deployed existing resource type.

EnableSoftDelete

enableSoftDelete [boolean | null]

Enable recovery of deleted key vaults and their objects.

Default: true

SoftDeleteRetentionInDays

softDeleteRetentionInDays [integer | null]

Retention period for the deleted resources.

Default: 90

EnablePurgeProtection

enablePurgeProtection [boolean | null]

Prevents key vaults and their objects from being purged until the soft delete retention period has elapsed (Can only be enabled once soft delete is enabled).

Default: true

SecretNames

secretNames [array | null]

List of secrets to provision for the deployed key vault.

EncryptionKeyNames

encryptionKeyNames [array | null]

List of key encryption keys for the deployed key vault.

Examples

The following example files are automatically generated from the settings file schema definition to show how the specification can be used in practice. Cloudmarque can accept both JSON and YAML parameter files.

{
  "component": "string",
  "resourceGroupName": "string",
  "location": "string",
  "service": {
    "dependencies": {
      "workspace": "string",
      "actiongroup": "string"
    },
    "publish": {
      "resourceGroup": "string",
      "keyvault": "string"
    }
  },
  "keyVaults": [
    {
      "name": "string",
      "type": "ServicePrincipal",
      "location": "string",
      "service": {
        "publish": {
          "keyvault": "string"
        }
      },
      "enableSoftDelete": true,
      "softDeleteRetentionInDays": 90,
      "enablePurgeProtection": true,
      "secretNames": [
        "string"
      ],
      "encryptionKeyNames": [
        "string"
      ]
    }
  ]
}
component: "string"    # Optional
resourceGroupName: "string"    # Mandatory
location: "string"    # Mandatory
service:     # Mandatory
  dependencies:     # Mandatory
    workspace: "string"    # Mandatory
    actiongroup: "string"    # Optional
  publish:     # Mandatory
    resourceGroup: "string"    # Mandatory
    keyvault: "string"    # Optional
keyVaults:     # Mandatory
  - name: "string"    # Mandatory
    type: "ServicePrincipal"    # Mandatory
    location: "string"    # Mandatory
    service:     # Optional
      publish:     # Optional
        keyvault: "string"    # Optional
    enableSoftDelete: true    # Optional (boolean)
    softDeleteRetentionInDays: 90    # Optional (integer)
    enablePurgeProtection: true    # Optional (boolean)
    secretNames:     # Optional
      - "string"
    encryptionKeyNames:     # Optional
      - "string"
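A pre-flight check for a JSON settings file before it is passed to New-CmAzCoreKeyVault, written here as an added example (it is not part of Cloudmarque and does not call the cmdlet). It applies the schema above: the mandatory root fields, the allowed values for keyVaults[].type, the boolean/integer types of the soft-delete settings with their documented defaults (true, 90, true), and the schema's note that purge protection can only be enabled once soft delete is enabled. The embedded settings document, the vault names and the locations are constructed sample values; YAML input would need a YAML parser and is not handled here.

```python
"""Pre-flight checker for New-CmAzCoreKeyVault JSON settings (added example, not Cloudmarque code)."""
import json

# Allowed values for keyVaults[].type, as listed in the settings schema.
VALID_TYPES = {"ServicePrincipal", "User", "serviceprincipal", "user"}

# Constructed sample: the first vault follows the documented defaults, the second
# has an invalid type, soft delete switched off and the retention given as a string.
SAMPLE_SETTINGS = """{
  "component": "keyvault",
  "resourceGroupName": "core",
  "location": "uksouth",
  "service": {
    "dependencies": { "workspace": "core-workspace" },
    "publish": { "resourceGroup": "core-rg" }
  },
  "keyVaults": [
    {
      "name": "secrets",
      "type": "ServicePrincipal",
      "location": "uksouth",
      "enableSoftDelete": true,
      "softDeleteRetentionInDays": 90,
      "enablePurgeProtection": true,
      "secretNames": [ "db-password" ]
    },
    {
      "name": "legacy",
      "type": "Admin",
      "location": "ukwest",
      "enableSoftDelete": false,
      "softDeleteRetentionInDays": "30",
      "enablePurgeProtection": true
    }
  ]
}"""


def _or_default(value, default):
    # The schema allows null for the optional fields; treat null the same as "not set".
    return default if value is None else value


def check_settings(settings):
    """Return a list of findings for a parsed settings object (empty list means no issues)."""
    findings = []

    for key in ("resourceGroupName", "location", "service", "keyVaults"):
        if key not in settings:
            findings.append(f"root: mandatory field '{key}' is missing")

    vaults = settings.get("keyVaults")
    if not isinstance(vaults, list) or not vaults:
        findings.append("root: 'keyVaults' must be a non-empty array")
        return findings

    for index, vault in enumerate(vaults):
        where = f"keyVaults[{index}] ({vault.get('name', '<unnamed>')})"

        if "location" not in vault:
            findings.append(f"{where}: mandatory field 'location' is missing")

        vault_type = vault.get("type")
        if vault_type is not None and vault_type not in VALID_TYPES:
            findings.append(f"{where}: type '{vault_type}' is not one of {sorted(VALID_TYPES)}")

        # Documented defaults: soft delete on, 90 days retention, purge protection on.
        soft_delete = _or_default(vault.get("enableSoftDelete"), True)
        purge_protection = _or_default(vault.get("enablePurgeProtection"), True)
        retention = _or_default(vault.get("softDeleteRetentionInDays"), 90)

        # JSON strings such as "true" or "90" are not the boolean/integer the schema requires.
        if not isinstance(soft_delete, bool):
            findings.append(f"{where}: enableSoftDelete must be a boolean, got {soft_delete!r}")
        if not isinstance(purge_protection, bool):
            findings.append(f"{where}: enablePurgeProtection must be a boolean, got {purge_protection!r}")
        if isinstance(retention, bool) or not isinstance(retention, int):
            findings.append(f"{where}: softDeleteRetentionInDays must be an integer, got {retention!r}")

        # Recoverability: without soft delete, a deleted vault and its objects cannot be restored,
        # and purge protection has nothing to protect.
        if soft_delete is False:
            findings.append(f"{where}: soft delete is disabled; deleted vaults and their objects are unrecoverable")
        if purge_protection is True and soft_delete is False:
            findings.append(f"{where}: purge protection requires soft delete to be enabled")

    return findings


def check_settings_text(text):
    """Parse the contents of a JSON settings file and run the checks on it."""
    return check_settings(json.loads(text))


if __name__ == "__main__":
    for finding in check_settings_text(SAMPLE_SETTINGS):
        print(finding)
```

Run against the sample, the first vault produces no findings and the second produces four (invalid type, non-integer retention, soft delete disabled, purge protection without soft delete). Running this before `New-CmAzCoreKeyVault -WhatIf` catches schema mistakes that would otherwise surface only at deployment time, and keeps the recoverability settings from being silently weakened by a quoted `"false"`.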