1. Docs
  2. Reference
  3. API
  4. Azure
  5. keyvault
  6. Key

Key

Manages a Key Vault Key.

Create a Key Resource

new Key(name: string, args: KeyArgs, opts?: CustomResourceOptions);
def Key(resource_name, opts=None, curve=None, expiration_date=None, key_opts=None, key_size=None, key_type=None, key_vault_id=None, name=None, not_before_date=None, tags=None, __props__=None);
func NewKey(ctx *Context, name string, args KeyArgs, opts ...ResourceOption) (*Key, error)
public Key(string name, KeyArgs args, CustomResourceOptions? opts = null)
name string
The unique name of the resource.
args KeyArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
opts ResourceOptions
A bag of options that control this resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args KeyArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args KeyArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.

Key Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Programming Model docs.

Inputs

The Key resource accepts the following input properties:

KeyOpts List<string>

A list of JSON web key operations. Possible values include: decrypt, encrypt, sign, unwrapKey, verify and wrapKey. Please note these values are case sensitive.

KeyType string

Specifies the Key Type to use for this Key Vault Key. Possible values are EC (Elliptic Curve), EC-HSM, Oct (Octet), RSA and RSA-HSM. Changing this forces a new resource to be created.

KeyVaultId string

The ID of the Key Vault where the Key should be created. Changing this forces a new resource to be created.

Curve string

Specifies the curve to use when creating an EC key. Possible values are P-256, P-384, P-521, and SECP256K1. This field will be required in a future release if key_type is EC or EC-HSM. The API will default to P-256 if nothing is specified. Changing this forces a new resource to be created.

ExpirationDate string

Expiration UTC datetime (Y-m-d’T’H:M:S’Z’).

KeySize int

Specifies the Size of the RSA key to create in bytes. For example, 1024 or 2048. Note: This field is required if key_type is RSA or RSA-HSM. Changing this forces a new resource to be created.

Name string

Specifies the name of the Key Vault Key. Changing this forces a new resource to be created.

NotBeforeDate string

Key not usable before the provided UTC datetime (Y-m-d’T’H:M:S’Z’).

Tags Dictionary<string, string>

A mapping of tags to assign to the resource.

KeyOpts []string

A list of JSON web key operations. Possible values include: decrypt, encrypt, sign, unwrapKey, verify and wrapKey. Please note these values are case sensitive.

KeyType string

Specifies the Key Type to use for this Key Vault Key. Possible values are EC (Elliptic Curve), EC-HSM, Oct (Octet), RSA and RSA-HSM. Changing this forces a new resource to be created.

KeyVaultId string

The ID of the Key Vault where the Key should be created. Changing this forces a new resource to be created.

Curve string

Specifies the curve to use when creating an EC key. Possible values are P-256, P-384, P-521, and SECP256K1. This field will be required in a future release if key_type is EC or EC-HSM. The API will default to P-256 if nothing is specified. Changing this forces a new resource to be created.

ExpirationDate string

Expiration UTC datetime (Y-m-d’T’H:M:S’Z’).

KeySize int

Specifies the Size of the RSA key to create in bytes. For example, 1024 or 2048. Note: This field is required if key_type is RSA or RSA-HSM. Changing this forces a new resource to be created.

Name string

Specifies the name of the Key Vault Key. Changing this forces a new resource to be created.

NotBeforeDate string

Key not usable before the provided UTC datetime (Y-m-d’T’H:M:S’Z’).

Tags map[string]string

A mapping of tags to assign to the resource.

keyOpts string[]

A list of JSON web key operations. Possible values include: decrypt, encrypt, sign, unwrapKey, verify and wrapKey. Please note these values are case sensitive.

keyType string

Specifies the Key Type to use for this Key Vault Key. Possible values are EC (Elliptic Curve), EC-HSM, Oct (Octet), RSA and RSA-HSM. Changing this forces a new resource to be created.

keyVaultId string

The ID of the Key Vault where the Key should be created. Changing this forces a new resource to be created.

curve string

Specifies the curve to use when creating an EC key. Possible values are P-256, P-384, P-521, and SECP256K1. This field will be required in a future release if key_type is EC or EC-HSM. The API will default to P-256 if nothing is specified. Changing this forces a new resource to be created.

expirationDate string

Expiration UTC datetime (Y-m-d’T’H:M:S’Z’).

keySize number

Specifies the Size of the RSA key to create in bytes. For example, 1024 or 2048. Note: This field is required if key_type is RSA or RSA-HSM. Changing this forces a new resource to be created.

name string

Specifies the name of the Key Vault Key. Changing this forces a new resource to be created.

notBeforeDate string

Key not usable before the provided UTC datetime (Y-m-d’T’H:M:S’Z’).

tags {[key: string]: string}

A mapping of tags to assign to the resource.

key_opts List[str]

A list of JSON web key operations. Possible values include: decrypt, encrypt, sign, unwrapKey, verify and wrapKey. Please note these values are case sensitive.

key_type str

Specifies the Key Type to use for this Key Vault Key. Possible values are EC (Elliptic Curve), EC-HSM, Oct (Octet), RSA and RSA-HSM. Changing this forces a new resource to be created.

key_vault_id str

The ID of the Key Vault where the Key should be created. Changing this forces a new resource to be created.

curve str

Specifies the curve to use when creating an EC key. Possible values are P-256, P-384, P-521, and SECP256K1. This field will be required in a future release if key_type is EC or EC-HSM. The API will default to P-256 if nothing is specified. Changing this forces a new resource to be created.

expiration_date str

Expiration UTC datetime (Y-m-d’T’H:M:S’Z’).

key_size float

Specifies the Size of the RSA key to create in bytes. For example, 1024 or 2048. Note: This field is required if key_type is RSA or RSA-HSM. Changing this forces a new resource to be created.

name str

Specifies the name of the Key Vault Key. Changing this forces a new resource to be created.

not_before_date str

Key not usable before the provided UTC datetime (Y-m-d’T’H:M:S’Z’).

tags Dict[str, str]

A mapping of tags to assign to the resource.

Outputs

All input properties are implicitly available as output properties. Additionally, the Key resource produces the following output properties:

E string

The RSA public exponent of this Key Vault Key.

Id string
The provider-assigned unique ID for this managed resource.
N string

The RSA modulus of this Key Vault Key.

Version string

The current version of the Key Vault Key.

X string

The EC X component of this Key Vault Key.

Y string

The EC Y component of this Key Vault Key.

E string

The RSA public exponent of this Key Vault Key.

Id string
The provider-assigned unique ID for this managed resource.
N string

The RSA modulus of this Key Vault Key.

Version string

The current version of the Key Vault Key.

X string

The EC X component of this Key Vault Key.

Y string

The EC Y component of this Key Vault Key.

e string

The RSA public exponent of this Key Vault Key.

id string
The provider-assigned unique ID for this managed resource.
n string

The RSA modulus of this Key Vault Key.

version string

The current version of the Key Vault Key.

x string

The EC X component of this Key Vault Key.

y string

The EC Y component of this Key Vault Key.

e str

The RSA public exponent of this Key Vault Key.

id str
The provider-assigned unique ID for this managed resource.
n str

The RSA modulus of this Key Vault Key.

version str

The current version of the Key Vault Key.

x str

The EC X component of this Key Vault Key.

y str

The EC Y component of this Key Vault Key.

Look up an Existing Key Resource

Get an existing Key resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: KeyState, opts?: CustomResourceOptions): Key
static get(resource_name, id, opts=None, curve=None, e=None, expiration_date=None, key_opts=None, key_size=None, key_type=None, key_vault_id=None, n=None, name=None, not_before_date=None, tags=None, version=None, x=None, y=None, __props__=None);
func GetKey(ctx *Context, name string, id IDInput, state *KeyState, opts ...ResourceOption) (*Key, error)
public static Key Get(string name, Input<string> id, KeyState? state, CustomResourceOptions? opts = null)
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.

The following state arguments are supported:

Curve string

Specifies the curve to use when creating an EC key. Possible values are P-256, P-384, P-521, and SECP256K1. This field will be required in a future release if key_type is EC or EC-HSM. The API will default to P-256 if nothing is specified. Changing this forces a new resource to be created.

E string

The RSA public exponent of this Key Vault Key.

ExpirationDate string

Expiration UTC datetime (Y-m-d’T’H:M:S’Z’).

KeyOpts List<string>

A list of JSON web key operations. Possible values include: decrypt, encrypt, sign, unwrapKey, verify and wrapKey. Please note these values are case sensitive.

KeySize int

Specifies the Size of the RSA key to create in bytes. For example, 1024 or 2048. Note: This field is required if key_type is RSA or RSA-HSM. Changing this forces a new resource to be created.

KeyType string

Specifies the Key Type to use for this Key Vault Key. Possible values are EC (Elliptic Curve), EC-HSM, Oct (Octet), RSA and RSA-HSM. Changing this forces a new resource to be created.

KeyVaultId string

The ID of the Key Vault where the Key should be created. Changing this forces a new resource to be created.

N string

The RSA modulus of this Key Vault Key.

Name string

Specifies the name of the Key Vault Key. Changing this forces a new resource to be created.

NotBeforeDate string

Key not usable before the provided UTC datetime (Y-m-d’T’H:M:S’Z’).

Tags Dictionary<string, string>

A mapping of tags to assign to the resource.

Version string

The current version of the Key Vault Key.

X string

The EC X component of this Key Vault Key.

Y string

The EC Y component of this Key Vault Key.

Curve string

Specifies the curve to use when creating an EC key. Possible values are P-256, P-384, P-521, and SECP256K1. This field will be required in a future release if key_type is EC or EC-HSM. The API will default to P-256 if nothing is specified. Changing this forces a new resource to be created.

E string

The RSA public exponent of this Key Vault Key.

ExpirationDate string

Expiration UTC datetime (Y-m-d’T’H:M:S’Z’).

KeyOpts []string

A list of JSON web key operations. Possible values include: decrypt, encrypt, sign, unwrapKey, verify and wrapKey. Please note these values are case sensitive.

KeySize int

Specifies the Size of the RSA key to create in bytes. For example, 1024 or 2048. Note: This field is required if key_type is RSA or RSA-HSM. Changing this forces a new resource to be created.

KeyType string

Specifies the Key Type to use for this Key Vault Key. Possible values are EC (Elliptic Curve), EC-HSM, Oct (Octet), RSA and RSA-HSM. Changing this forces a new resource to be created.

KeyVaultId string

The ID of the Key Vault where the Key should be created. Changing this forces a new resource to be created.

N string

The RSA modulus of this Key Vault Key.

Name string

Specifies the name of the Key Vault Key. Changing this forces a new resource to be created.

NotBeforeDate string

Key not usable before the provided UTC datetime (Y-m-d’T’H:M:S’Z’).

Tags map[string]string

A mapping of tags to assign to the resource.

Version string

The current version of the Key Vault Key.

X string

The EC X component of this Key Vault Key.

Y string

The EC Y component of this Key Vault Key.

curve string

Specifies the curve to use when creating an EC key. Possible values are P-256, P-384, P-521, and SECP256K1. This field will be required in a future release if key_type is EC or EC-HSM. The API will default to P-256 if nothing is specified. Changing this forces a new resource to be created.

e string

The RSA public exponent of this Key Vault Key.

expirationDate string

Expiration UTC datetime (Y-m-d’T’H:M:S’Z’).

keyOpts string[]

A list of JSON web key operations. Possible values include: decrypt, encrypt, sign, unwrapKey, verify and wrapKey. Please note these values are case sensitive.

keySize number

Specifies the Size of the RSA key to create in bytes. For example, 1024 or 2048. Note: This field is required if key_type is RSA or RSA-HSM. Changing this forces a new resource to be created.

keyType string

Specifies the Key Type to use for this Key Vault Key. Possible values are EC (Elliptic Curve), EC-HSM, Oct (Octet), RSA and RSA-HSM. Changing this forces a new resource to be created.

keyVaultId string

The ID of the Key Vault where the Key should be created. Changing this forces a new resource to be created.

n string

The RSA modulus of this Key Vault Key.

name string

Specifies the name of the Key Vault Key. Changing this forces a new resource to be created.

notBeforeDate string

Key not usable before the provided UTC datetime (Y-m-d’T’H:M:S’Z’).

tags {[key: string]: string}

A mapping of tags to assign to the resource.

version string

The current version of the Key Vault Key.

x string

The EC X component of this Key Vault Key.

y string

The EC Y component of this Key Vault Key.

curve str

Specifies the curve to use when creating an EC key. Possible values are P-256, P-384, P-521, and SECP256K1. This field will be required in a future release if key_type is EC or EC-HSM. The API will default to P-256 if nothing is specified. Changing this forces a new resource to be created.

e str

The RSA public exponent of this Key Vault Key.

expiration_date str

Expiration UTC datetime (Y-m-d’T’H:M:S’Z’).

key_opts List[str]

A list of JSON web key operations. Possible values include: decrypt, encrypt, sign, unwrapKey, verify and wrapKey. Please note these values are case sensitive.

key_size float

Specifies the Size of the RSA key to create in bytes. For example, 1024 or 2048. Note: This field is required if key_type is RSA or RSA-HSM. Changing this forces a new resource to be created.

key_type str

Specifies the Key Type to use for this Key Vault Key. Possible values are EC (Elliptic Curve), EC-HSM, Oct (Octet), RSA and RSA-HSM. Changing this forces a new resource to be created.

key_vault_id str

The ID of the Key Vault where the Key should be created. Changing this forces a new resource to be created.

n str

The RSA modulus of this Key Vault Key.

name str

Specifies the name of the Key Vault Key. Changing this forces a new resource to be created.

not_before_date str

Key not usable before the provided UTC datetime (Y-m-d’T’H:M:S’Z’).

tags Dict[str, str]

A mapping of tags to assign to the resource.

version str

The current version of the Key Vault Key.

x str

The EC X component of this Key Vault Key.

y str

The EC Y component of this Key Vault Key.

Package Details

Repository
https://github.com/pulumi/pulumi-azure
License
Apache-2.0
Notes
This Pulumi package is based on the azurerm Terraform Provider.