Azure Native v3.2.0, Apr 14 25

This is the latest version of Azure Native. Use the Azure Native v2 docs if using the v2 version of this package.

Azure Native v3.2.0 published on Monday, Apr 14, 2025 by Pulumi

azure-native.keyvault.getVault

Explore with Pulumi AI

This is the latest version of Azure Native. Use the Azure Native v2 docs if using the v2 version of this package.

Azure Native v3.2.0 published on Monday, Apr 14, 2025 by Pulumi

Using getVault

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

TypeScript
Python
Go
C#
Java
YAML

function getVault(args: GetVaultArgs, opts?: InvokeOptions): Promise<GetVaultResult>
function getVaultOutput(args: GetVaultOutputArgs, opts?: InvokeOptions): Output<GetVaultResult>

def get_vault(resource_group_name: Optional[str] = None,
              vault_name: Optional[str] = None,
              opts: Optional[InvokeOptions] = None) -> GetVaultResult
def get_vault_output(resource_group_name: Optional[pulumi.Input[str]] = None,
              vault_name: Optional[pulumi.Input[str]] = None,
              opts: Optional[InvokeOptions] = None) -> Output[GetVaultResult]

func LookupVault(ctx *Context, args *LookupVaultArgs, opts ...InvokeOption) (*LookupVaultResult, error)
func LookupVaultOutput(ctx *Context, args *LookupVaultOutputArgs, opts ...InvokeOption) LookupVaultResultOutput

> Note: This function is named LookupVault in the Go SDK.

public static class GetVault 
{
    public static Task<GetVaultResult> InvokeAsync(GetVaultArgs args, InvokeOptions? opts = null)
    public static Output<GetVaultResult> Invoke(GetVaultInvokeArgs args, InvokeOptions? opts = null)
}

public static CompletableFuture<GetVaultResult> getVault(GetVaultArgs args, InvokeOptions options)
public static Output<GetVaultResult> getVault(GetVaultArgs args, InvokeOptions options)

fn::invoke:
  function: azure-native:keyvault:getVault
  arguments:
    # arguments dictionary

The following arguments are supported:

ResourceGroupName string: The name of the Resource Group to which the vault belongs.
VaultName string: The name of the vault.

ResourceGroupName string: The name of the Resource Group to which the vault belongs.
VaultName string: The name of the vault.

resourceGroupName String: The name of the Resource Group to which the vault belongs.
vaultName String: The name of the vault.

resourceGroupName string: The name of the Resource Group to which the vault belongs.
vaultName string: The name of the vault.

resource_group_name str: The name of the Resource Group to which the vault belongs.
vault_name str: The name of the vault.

resourceGroupName String: The name of the Resource Group to which the vault belongs.
vaultName String: The name of the vault.

getVault Result

The following output properties are available:

AzureApiVersion string: The Azure API version of the resource.
Id string: Fully qualified identifier of the key vault resource.
Name string: Name of the key vault resource.
Properties Pulumi.AzureNative.KeyVault.Outputs.VaultPropertiesResponse: Properties of the vault
SystemData Pulumi.AzureNative.KeyVault.Outputs.SystemDataResponse: System metadata for the key vault.
Type string: Resource type of the key vault resource.
Location string: Azure location of the key vault resource.
Tags Dictionary<string, string>: Tags assigned to the key vault resource.

AzureApiVersion string: The Azure API version of the resource.
Id string: Fully qualified identifier of the key vault resource.
Name string: Name of the key vault resource.
Properties VaultPropertiesResponse: Properties of the vault
SystemData SystemDataResponse: System metadata for the key vault.
Type string: Resource type of the key vault resource.
Location string: Azure location of the key vault resource.
Tags map[string]string: Tags assigned to the key vault resource.

azureApiVersion String: The Azure API version of the resource.
id String: Fully qualified identifier of the key vault resource.
name String: Name of the key vault resource.
properties VaultPropertiesResponse: Properties of the vault
systemData SystemDataResponse: System metadata for the key vault.
type String: Resource type of the key vault resource.
location String: Azure location of the key vault resource.
tags Map<String,String>: Tags assigned to the key vault resource.

azureApiVersion string: The Azure API version of the resource.
id string: Fully qualified identifier of the key vault resource.
name string: Name of the key vault resource.
properties VaultPropertiesResponse: Properties of the vault
systemData SystemDataResponse: System metadata for the key vault.
type string: Resource type of the key vault resource.
location string: Azure location of the key vault resource.
tags {[key: string]: string}: Tags assigned to the key vault resource.

azure_api_version str: The Azure API version of the resource.
id str: Fully qualified identifier of the key vault resource.
name str: Name of the key vault resource.
properties VaultPropertiesResponse: Properties of the vault
system_data SystemDataResponse: System metadata for the key vault.
type str: Resource type of the key vault resource.
location str: Azure location of the key vault resource.
tags Mapping[str, str]: Tags assigned to the key vault resource.

azureApiVersion String: The Azure API version of the resource.
id String: Fully qualified identifier of the key vault resource.
name String: Name of the key vault resource.
properties Property Map: Properties of the vault
systemData Property Map: System metadata for the key vault.
type String: Resource type of the key vault resource.
location String: Azure location of the key vault resource.
tags Map<String>: Tags assigned to the key vault resource.

Supporting Types

AccessPolicyEntryResponse

ObjectId string: The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies.
Permissions Pulumi.AzureNative.KeyVault.Inputs.PermissionsResponse: Permissions the identity has for keys, secrets and certificates.
TenantId string: The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
ApplicationId string: Application ID of the client making request on behalf of a principal

ObjectId string: The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies.
Permissions PermissionsResponse: Permissions the identity has for keys, secrets and certificates.
TenantId string: The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
ApplicationId string: Application ID of the client making request on behalf of a principal

objectId String: The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies.
permissions PermissionsResponse: Permissions the identity has for keys, secrets and certificates.
tenantId String: The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
applicationId String: Application ID of the client making request on behalf of a principal

objectId string: The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies.
permissions PermissionsResponse: Permissions the identity has for keys, secrets and certificates.
tenantId string: The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
applicationId string: Application ID of the client making request on behalf of a principal

object_id str: The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies.
permissions PermissionsResponse: Permissions the identity has for keys, secrets and certificates.
tenant_id str: The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
application_id str: Application ID of the client making request on behalf of a principal

objectId String: The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies.
permissions Property Map: Permissions the identity has for keys, secrets and certificates.
tenantId String: The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
applicationId String: Application ID of the client making request on behalf of a principal

IPRuleResponse

Value string: An IPv4 address range in CIDR notation, such as '124.56.78.91' (simple IP address) or '124.56.78.0/24' (all addresses that start with 124.56.78).

Value string: An IPv4 address range in CIDR notation, such as '124.56.78.91' (simple IP address) or '124.56.78.0/24' (all addresses that start with 124.56.78).

value String: An IPv4 address range in CIDR notation, such as '124.56.78.91' (simple IP address) or '124.56.78.0/24' (all addresses that start with 124.56.78).

value string: An IPv4 address range in CIDR notation, such as '124.56.78.91' (simple IP address) or '124.56.78.0/24' (all addresses that start with 124.56.78).

value str: An IPv4 address range in CIDR notation, such as '124.56.78.91' (simple IP address) or '124.56.78.0/24' (all addresses that start with 124.56.78).

value String: An IPv4 address range in CIDR notation, such as '124.56.78.91' (simple IP address) or '124.56.78.0/24' (all addresses that start with 124.56.78).

NetworkRuleSetResponse

Bypass string: Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'. If not specified the default is 'AzureServices'.
DefaultAction string: The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass property has been evaluated.
IpRules List<Pulumi.AzureNative.KeyVault.Inputs.IPRuleResponse>: The list of IP address rules.
VirtualNetworkRules List<Pulumi.AzureNative.KeyVault.Inputs.VirtualNetworkRuleResponse>: The list of virtual network rules.

Bypass string: Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'. If not specified the default is 'AzureServices'.
DefaultAction string: The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass property has been evaluated.
IpRules []IPRuleResponse: The list of IP address rules.
VirtualNetworkRules []VirtualNetworkRuleResponse: The list of virtual network rules.

bypass String: Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'. If not specified the default is 'AzureServices'.
defaultAction String: The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass property has been evaluated.
ipRules List<IPRuleResponse>: The list of IP address rules.
virtualNetworkRules List<VirtualNetworkRuleResponse>: The list of virtual network rules.

bypass string: Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'. If not specified the default is 'AzureServices'.
defaultAction string: The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass property has been evaluated.
ipRules IPRuleResponse[]: The list of IP address rules.
virtualNetworkRules VirtualNetworkRuleResponse[]: The list of virtual network rules.

bypass str: Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'. If not specified the default is 'AzureServices'.
default_action str: The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass property has been evaluated.
ip_rules Sequence[IPRuleResponse]: The list of IP address rules.
virtual_network_rules Sequence[VirtualNetworkRuleResponse]: The list of virtual network rules.

bypass String: Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'. If not specified the default is 'AzureServices'.
defaultAction String: The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass property has been evaluated.
ipRules List<Property Map>: The list of IP address rules.
virtualNetworkRules List<Property Map>: The list of virtual network rules.

PermissionsResponse

Certificates List<string>: Permissions to certificates
Keys List<string>: Permissions to keys
Secrets List<string>: Permissions to secrets
Storage List<string>: Permissions to storage accounts

Certificates []string: Permissions to certificates
Keys []string: Permissions to keys
Secrets []string: Permissions to secrets
Storage []string: Permissions to storage accounts

certificates List<String>: Permissions to certificates
keys List<String>: Permissions to keys
secrets List<String>: Permissions to secrets
storage List<String>: Permissions to storage accounts

certificates string[]: Permissions to certificates
keys string[]: Permissions to keys
secrets string[]: Permissions to secrets
storage string[]: Permissions to storage accounts

certificates Sequence[str]: Permissions to certificates
keys Sequence[str]: Permissions to keys
secrets Sequence[str]: Permissions to secrets
storage Sequence[str]: Permissions to storage accounts

certificates List<String>: Permissions to certificates
keys List<String>: Permissions to keys
secrets List<String>: Permissions to secrets
storage List<String>: Permissions to storage accounts

PrivateEndpointConnectionItemResponse

ProvisioningState string: Provisioning state of the private endpoint connection.
Etag string: Modified whenever there is a change in the state of private endpoint connection.
Id string: Id of private endpoint connection.
PrivateEndpoint Pulumi.AzureNative.KeyVault.Inputs.PrivateEndpointResponse: Properties of the private endpoint object.
PrivateLinkServiceConnectionState Pulumi.AzureNative.KeyVault.Inputs.PrivateLinkServiceConnectionStateResponse: Approval state of the private link connection.

ProvisioningState string: Provisioning state of the private endpoint connection.
Etag string: Modified whenever there is a change in the state of private endpoint connection.
Id string: Id of private endpoint connection.
PrivateEndpoint PrivateEndpointResponse: Properties of the private endpoint object.
PrivateLinkServiceConnectionState PrivateLinkServiceConnectionStateResponse: Approval state of the private link connection.

provisioningState String: Provisioning state of the private endpoint connection.
etag String: Modified whenever there is a change in the state of private endpoint connection.
id String: Id of private endpoint connection.
privateEndpoint PrivateEndpointResponse: Properties of the private endpoint object.
privateLinkServiceConnectionState PrivateLinkServiceConnectionStateResponse: Approval state of the private link connection.

provisioningState string: Provisioning state of the private endpoint connection.
etag string: Modified whenever there is a change in the state of private endpoint connection.
id string: Id of private endpoint connection.
privateEndpoint PrivateEndpointResponse: Properties of the private endpoint object.
privateLinkServiceConnectionState PrivateLinkServiceConnectionStateResponse: Approval state of the private link connection.

provisioning_state str: Provisioning state of the private endpoint connection.
etag str: Modified whenever there is a change in the state of private endpoint connection.
id str: Id of private endpoint connection.
private_endpoint PrivateEndpointResponse: Properties of the private endpoint object.
private_link_service_connection_state PrivateLinkServiceConnectionStateResponse: Approval state of the private link connection.

provisioningState String: Provisioning state of the private endpoint connection.
etag String: Modified whenever there is a change in the state of private endpoint connection.
id String: Id of private endpoint connection.
privateEndpoint Property Map: Properties of the private endpoint object.
privateLinkServiceConnectionState Property Map: Approval state of the private link connection.

PrivateEndpointResponse

Id string: Full identifier of the private endpoint resource.

Id string: Full identifier of the private endpoint resource.

id String: Full identifier of the private endpoint resource.

id string: Full identifier of the private endpoint resource.

id str: Full identifier of the private endpoint resource.

id String: Full identifier of the private endpoint resource.

PrivateLinkServiceConnectionStateResponse

ActionsRequired string: A message indicating if changes on the service provider require any updates on the consumer.
Description string: The reason for approval or rejection.
Status string: Indicates whether the connection has been approved, rejected or removed by the key vault owner.

ActionsRequired string: A message indicating if changes on the service provider require any updates on the consumer.
Description string: The reason for approval or rejection.
Status string: Indicates whether the connection has been approved, rejected or removed by the key vault owner.

actionsRequired String: A message indicating if changes on the service provider require any updates on the consumer.
description String: The reason for approval or rejection.
status String: Indicates whether the connection has been approved, rejected or removed by the key vault owner.

actionsRequired string: A message indicating if changes on the service provider require any updates on the consumer.
description string: The reason for approval or rejection.
status string: Indicates whether the connection has been approved, rejected or removed by the key vault owner.

actions_required str: A message indicating if changes on the service provider require any updates on the consumer.
description str: The reason for approval or rejection.
status str: Indicates whether the connection has been approved, rejected or removed by the key vault owner.

actionsRequired String: A message indicating if changes on the service provider require any updates on the consumer.
description String: The reason for approval or rejection.
status String: Indicates whether the connection has been approved, rejected or removed by the key vault owner.

SkuResponse

Family string: SKU family name
Name string: SKU name to specify whether the key vault is a standard vault or a premium vault.

Family string: SKU family name
Name string: SKU name to specify whether the key vault is a standard vault or a premium vault.

family String: SKU family name
name String: SKU name to specify whether the key vault is a standard vault or a premium vault.

family string: SKU family name
name string: SKU name to specify whether the key vault is a standard vault or a premium vault.

family str: SKU family name
name str: SKU name to specify whether the key vault is a standard vault or a premium vault.

family String: SKU family name
name String: SKU name to specify whether the key vault is a standard vault or a premium vault.

SystemDataResponse

CreatedAt string: The timestamp of the key vault resource creation (UTC).
CreatedBy string: The identity that created the key vault resource.
CreatedByType string: The type of identity that created the key vault resource.
LastModifiedAt string: The timestamp of the key vault resource last modification (UTC).
LastModifiedBy string: The identity that last modified the key vault resource.
LastModifiedByType string: The type of identity that last modified the key vault resource.

CreatedAt string: The timestamp of the key vault resource creation (UTC).
CreatedBy string: The identity that created the key vault resource.
CreatedByType string: The type of identity that created the key vault resource.
LastModifiedAt string: The timestamp of the key vault resource last modification (UTC).
LastModifiedBy string: The identity that last modified the key vault resource.
LastModifiedByType string: The type of identity that last modified the key vault resource.

createdAt String: The timestamp of the key vault resource creation (UTC).
createdBy String: The identity that created the key vault resource.
createdByType String: The type of identity that created the key vault resource.
lastModifiedAt String: The timestamp of the key vault resource last modification (UTC).
lastModifiedBy String: The identity that last modified the key vault resource.
lastModifiedByType String: The type of identity that last modified the key vault resource.

createdAt string: The timestamp of the key vault resource creation (UTC).
createdBy string: The identity that created the key vault resource.
createdByType string: The type of identity that created the key vault resource.
lastModifiedAt string: The timestamp of the key vault resource last modification (UTC).
lastModifiedBy string: The identity that last modified the key vault resource.
lastModifiedByType string: The type of identity that last modified the key vault resource.

created_at str: The timestamp of the key vault resource creation (UTC).
created_by str: The identity that created the key vault resource.
created_by_type str: The type of identity that created the key vault resource.
last_modified_at str: The timestamp of the key vault resource last modification (UTC).
last_modified_by str: The identity that last modified the key vault resource.
last_modified_by_type str: The type of identity that last modified the key vault resource.

createdAt String: The timestamp of the key vault resource creation (UTC).
createdBy String: The identity that created the key vault resource.
createdByType String: The type of identity that created the key vault resource.
lastModifiedAt String: The timestamp of the key vault resource last modification (UTC).
lastModifiedBy String: The identity that last modified the key vault resource.
lastModifiedByType String: The type of identity that last modified the key vault resource.

VaultPropertiesResponse

HsmPoolResourceId string: The resource id of HSM Pool.
PrivateEndpointConnections List<Pulumi.AzureNative.KeyVault.Inputs.PrivateEndpointConnectionItemResponse>: List of private endpoint connections associated with the key vault.
ProvisioningState string: Provisioning state of the vault.
Sku Pulumi.AzureNative.KeyVault.Inputs.SkuResponse: SKU details
TenantId string: The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
VaultUri string: The URI of the vault for performing operations on keys and secrets.
AccessPolicies List<Pulumi.AzureNative.KeyVault.Inputs.AccessPolicyEntryResponse>: An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. When createMode is set to recover, access policies are not required. Otherwise, access policies are required. These are also available as standalone resources. Do not mix inline and standalone resource as they will conflict with each other, leading to resources deletion.
EnablePurgeProtection bool: Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value.
EnableRbacAuthorization bool: Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC.
EnableSoftDelete bool: Property to specify whether the 'soft delete' functionality is enabled for this key vault. If it's not set to any value(true or false) when creating new key vault, it will be set to true by default. Once set to true, it cannot be reverted to false.
EnabledForDeployment bool: Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault.
EnabledForDiskEncryption bool: Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys.
EnabledForTemplateDeployment bool: Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault.
NetworkAcls Pulumi.AzureNative.KeyVault.Inputs.NetworkRuleSetResponse: Rules governing the accessibility of the key vault from specific network locations.
PublicNetworkAccess string: Property to specify whether the vault will accept traffic from public internet. If set to 'disabled' all traffic except private endpoint traffic and that that originates from trusted services will be blocked. This will override the set firewall rules, meaning that even if the firewall rules are present we will not honor the rules.
SoftDeleteRetentionInDays int: softDelete data retention days. It accepts >=7 and <=90.

HsmPoolResourceId string: The resource id of HSM Pool.
PrivateEndpointConnections []PrivateEndpointConnectionItemResponse: List of private endpoint connections associated with the key vault.
ProvisioningState string: Provisioning state of the vault.
Sku SkuResponse: SKU details
TenantId string: The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
VaultUri string: The URI of the vault for performing operations on keys and secrets.
AccessPolicies []AccessPolicyEntryResponse: An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. When createMode is set to recover, access policies are not required. Otherwise, access policies are required. These are also available as standalone resources. Do not mix inline and standalone resource as they will conflict with each other, leading to resources deletion.
EnablePurgeProtection bool: Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value.
EnableRbacAuthorization bool: Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC.
EnableSoftDelete bool: Property to specify whether the 'soft delete' functionality is enabled for this key vault. If it's not set to any value(true or false) when creating new key vault, it will be set to true by default. Once set to true, it cannot be reverted to false.
EnabledForDeployment bool: Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault.
EnabledForDiskEncryption bool: Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys.
EnabledForTemplateDeployment bool: Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault.
NetworkAcls NetworkRuleSetResponse: Rules governing the accessibility of the key vault from specific network locations.
PublicNetworkAccess string: Property to specify whether the vault will accept traffic from public internet. If set to 'disabled' all traffic except private endpoint traffic and that that originates from trusted services will be blocked. This will override the set firewall rules, meaning that even if the firewall rules are present we will not honor the rules.
SoftDeleteRetentionInDays int: softDelete data retention days. It accepts >=7 and <=90.

hsmPoolResourceId String: The resource id of HSM Pool.
privateEndpointConnections List<PrivateEndpointConnectionItemResponse>: List of private endpoint connections associated with the key vault.
provisioningState String: Provisioning state of the vault.
sku SkuResponse: SKU details
tenantId String: The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
vaultUri String: The URI of the vault for performing operations on keys and secrets.
accessPolicies List<AccessPolicyEntryResponse>: An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. When createMode is set to recover, access policies are not required. Otherwise, access policies are required. These are also available as standalone resources. Do not mix inline and standalone resource as they will conflict with each other, leading to resources deletion.
enablePurgeProtection Boolean: Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value.
enableRbacAuthorization Boolean: Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC.
enableSoftDelete Boolean: Property to specify whether the 'soft delete' functionality is enabled for this key vault. If it's not set to any value(true or false) when creating new key vault, it will be set to true by default. Once set to true, it cannot be reverted to false.
enabledForDeployment Boolean: Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault.
enabledForDiskEncryption Boolean: Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys.
enabledForTemplateDeployment Boolean: Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault.
networkAcls NetworkRuleSetResponse: Rules governing the accessibility of the key vault from specific network locations.
publicNetworkAccess String: Property to specify whether the vault will accept traffic from public internet. If set to 'disabled' all traffic except private endpoint traffic and that that originates from trusted services will be blocked. This will override the set firewall rules, meaning that even if the firewall rules are present we will not honor the rules.
softDeleteRetentionInDays Integer: softDelete data retention days. It accepts >=7 and <=90.

hsmPoolResourceId string: The resource id of HSM Pool.
privateEndpointConnections PrivateEndpointConnectionItemResponse[]: List of private endpoint connections associated with the key vault.
provisioningState string: Provisioning state of the vault.
sku SkuResponse: SKU details
tenantId string: The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
vaultUri string: The URI of the vault for performing operations on keys and secrets.
accessPolicies AccessPolicyEntryResponse[]: An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. When createMode is set to recover, access policies are not required. Otherwise, access policies are required. These are also available as standalone resources. Do not mix inline and standalone resource as they will conflict with each other, leading to resources deletion.
enablePurgeProtection boolean: Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value.
enableRbacAuthorization boolean: Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC.
enableSoftDelete boolean: Property to specify whether the 'soft delete' functionality is enabled for this key vault. If it's not set to any value(true or false) when creating new key vault, it will be set to true by default. Once set to true, it cannot be reverted to false.
enabledForDeployment boolean: Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault.
enabledForDiskEncryption boolean: Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys.
enabledForTemplateDeployment boolean: Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault.
networkAcls NetworkRuleSetResponse: Rules governing the accessibility of the key vault from specific network locations.
publicNetworkAccess string: Property to specify whether the vault will accept traffic from public internet. If set to 'disabled' all traffic except private endpoint traffic and that that originates from trusted services will be blocked. This will override the set firewall rules, meaning that even if the firewall rules are present we will not honor the rules.
softDeleteRetentionInDays number: softDelete data retention days. It accepts >=7 and <=90.

hsm_pool_resource_id str: The resource id of HSM Pool.
private_endpoint_connections Sequence[PrivateEndpointConnectionItemResponse]: List of private endpoint connections associated with the key vault.
provisioning_state str: Provisioning state of the vault.
sku SkuResponse: SKU details
tenant_id str: The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
vault_uri str: The URI of the vault for performing operations on keys and secrets.
access_policies Sequence[AccessPolicyEntryResponse]: An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. When createMode is set to recover, access policies are not required. Otherwise, access policies are required. These are also available as standalone resources. Do not mix inline and standalone resource as they will conflict with each other, leading to resources deletion.
enable_purge_protection bool: Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value.
enable_rbac_authorization bool: Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC.
enable_soft_delete bool: Property to specify whether the 'soft delete' functionality is enabled for this key vault. If it's not set to any value(true or false) when creating new key vault, it will be set to true by default. Once set to true, it cannot be reverted to false.
enabled_for_deployment bool: Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault.
enabled_for_disk_encryption bool: Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys.
enabled_for_template_deployment bool: Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault.
network_acls NetworkRuleSetResponse: Rules governing the accessibility of the key vault from specific network locations.
public_network_access str: Property to specify whether the vault will accept traffic from public internet. If set to 'disabled' all traffic except private endpoint traffic and that that originates from trusted services will be blocked. This will override the set firewall rules, meaning that even if the firewall rules are present we will not honor the rules.
soft_delete_retention_in_days int: softDelete data retention days. It accepts >=7 and <=90.

hsmPoolResourceId String: The resource id of HSM Pool.
privateEndpointConnections List<Property Map>: List of private endpoint connections associated with the key vault.
provisioningState String: Provisioning state of the vault.
sku Property Map: SKU details
tenantId String: The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
vaultUri String: The URI of the vault for performing operations on keys and secrets.
accessPolicies List<Property Map>: An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. When createMode is set to recover, access policies are not required. Otherwise, access policies are required. These are also available as standalone resources. Do not mix inline and standalone resource as they will conflict with each other, leading to resources deletion.
enablePurgeProtection Boolean: Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value.
enableRbacAuthorization Boolean: Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC.
enableSoftDelete Boolean: Property to specify whether the 'soft delete' functionality is enabled for this key vault. If it's not set to any value(true or false) when creating new key vault, it will be set to true by default. Once set to true, it cannot be reverted to false.
enabledForDeployment Boolean: Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault.
enabledForDiskEncryption Boolean: Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys.
enabledForTemplateDeployment Boolean: Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault.
networkAcls Property Map: Rules governing the accessibility of the key vault from specific network locations.
publicNetworkAccess String: Property to specify whether the vault will accept traffic from public internet. If set to 'disabled' all traffic except private endpoint traffic and that that originates from trusted services will be blocked. This will override the set firewall rules, meaning that even if the firewall rules are present we will not honor the rules.
softDeleteRetentionInDays Number: softDelete data retention days. It accepts >=7 and <=90.

VirtualNetworkRuleResponse

Id string: Full resource id of a vnet subnet, such as '/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1'.
IgnoreMissingVnetServiceEndpoint bool: Property to specify whether NRP will ignore the check if parent subnet has serviceEndpoints configured.

Id string: Full resource id of a vnet subnet, such as '/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1'.
IgnoreMissingVnetServiceEndpoint bool: Property to specify whether NRP will ignore the check if parent subnet has serviceEndpoints configured.

id String: Full resource id of a vnet subnet, such as '/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1'.
ignoreMissingVnetServiceEndpoint Boolean: Property to specify whether NRP will ignore the check if parent subnet has serviceEndpoints configured.

id string: Full resource id of a vnet subnet, such as '/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1'.
ignoreMissingVnetServiceEndpoint boolean: Property to specify whether NRP will ignore the check if parent subnet has serviceEndpoints configured.

id str: Full resource id of a vnet subnet, such as '/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1'.
ignore_missing_vnet_service_endpoint bool: Property to specify whether NRP will ignore the check if parent subnet has serviceEndpoints configured.

id String: Full resource id of a vnet subnet, such as '/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1'.
ignoreMissingVnetServiceEndpoint Boolean: Property to specify whether NRP will ignore the check if parent subnet has serviceEndpoints configured.

Package Details

Repository: Azure Native pulumi/pulumi-azure-native
License: Apache-2.0

This is the latest version of Azure Native. Use the Azure Native v2 docs if using the v2 version of this package.

Azure Native v3.2.0 published on Monday, Apr 14, 2025 by Pulumi

pulumi/pulumi-azure-native

azure-native.keyvault.getVault

On this page

On this page

Using getVault

getVault Result

Supporting Types

AccessPolicyEntryResponse

IPRuleResponse

NetworkRuleSetResponse

PermissionsResponse

PrivateEndpointConnectionItemResponse

PrivateEndpointResponse

PrivateLinkServiceConnectionStateResponse

SkuResponse

SystemDataResponse

VaultPropertiesResponse

VirtualNetworkRuleResponse

Package Details

On this page

On this page