import * as pulumi from "@pulumi/pulumi";
import * as inputs from "../types/input";
import * as outputs from "../types/output";

// NOTE(review): the generic type arguments on `pulumi.Input` / `pulumi.Output` appear to have
// been lost from this listing (see the unbalanced `pulumi.Input[]>` below). The declarations
// are left exactly as found; take the exact property types from the published SDK typings.

/**
 * Manages a Key Vault Managed Hardware Security Module.
 *
 * > **Note:** The Azure Provider includes a Feature Toggle which will purge a Key Vault Managed Hardware Security Module resource on destroy, rather than the default soft-delete. See `purgeSoftDeletedHardwareSecurityModulesOnDestroy` for more information.
 *
 * ## Example Usage
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as azure from "@pulumi/azure";
 *
 * const current = azure.core.getClientConfig({});
 * const example = new azure.core.ResourceGroup("example", {
 *     name: "example-resources",
 *     location: "West Europe",
 * });
 * const exampleManagedHardwareSecurityModule = new azure.keyvault.ManagedHardwareSecurityModule("example", {
 *     name: "exampleKVHsm",
 *     resourceGroupName: example.name,
 *     location: example.location,
 *     skuName: "Standard_B1",
 *     purgeProtectionEnabled: false,
 *     softDeleteRetentionDays: 90,
 *     tenantId: current.then(current => current.tenantId),
 *     adminObjectIds: [current.then(current => current.objectId)],
 *     tags: {
 *         Env: "Test",
 *     },
 * });
 * ```
 *
 * > **Note:** The example sets `purgeProtectionEnabled: false` and leaves `publicNetworkAccessEnabled` at its default of `true`. With purge protection off, a soft-deleted module can be purged before `softDeleteRetentionDays` has elapsed, and with public access on, the module is reachable from public networks. Review both settings before reusing the example for a module that holds real keys.
 *
 * ## API Providers
 *
 * This resource uses the following Azure API Providers:
 *
 * * `Microsoft.KeyVault` - 2023-07-01
 *
 * ## Import
 *
 * Key Vault Managed Hardware Security Module can be imported using the `resource id`, e.g.
 *
 * ```sh
 * $ pulumi import azure:keyvault/managedHardwareSecurityModule:ManagedHardwareSecurityModule example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/mygroup1/providers/Microsoft.KeyVault/managedHSMs/hsm1
 * ```
 */
export declare class ManagedHardwareSecurityModule extends pulumi.CustomResource {
    /**
     * Get an existing ManagedHardwareSecurityModule resource's state with the given name, ID, and optional extra
     * properties used to qualify the lookup.
     *
     * @param name The _unique_ name of the resulting resource.
     * @param id The _unique_ provider ID of the resource to look up.
     * @param state Any extra arguments used during the lookup.
     * @param opts Optional settings to control the behavior of the CustomResource.
     */
    static get(name: string, id: pulumi.Input, state?: ManagedHardwareSecurityModuleState, opts?: pulumi.CustomResourceOptions): ManagedHardwareSecurityModule;
    /**
     * Returns true if the given object is an instance of ManagedHardwareSecurityModule. This is designed to work even
     * when multiple copies of the Pulumi SDK have been loaded into the same process.
     */
    static isInstance(obj: any): obj is ManagedHardwareSecurityModule;
    /**
     * Specifies a list of administrator object IDs for the Key Vault Managed Hardware Security Module. Changing this forces a new resource to be created.
     *
     * These principals administer the module, so keep the list as small as the deployment allows.
     */
    readonly adminObjectIds: pulumi.Output;
    /**
     * The URI of the Key Vault Managed Hardware Security Module, used for performing operations on keys.
     */
    readonly hsmUri: pulumi.Output;
    /**
     * Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.
     */
    readonly location: pulumi.Output;
    /**
     * Specifies the name of the Key Vault Managed Hardware Security Module. Changing this forces a new resource to be created.
     */
    readonly name: pulumi.Output;
    /**
     * A `networkAcls` block.
     *
     * NOTE(review): the block's fields are not declared in this file; presumably they come from the imported `../types/output` module. Confirm there.
     */
    readonly networkAcls: pulumi.Output;
    /**
     * Whether traffic from public networks is permitted. Defaults to `true`.
     *
     * Because the default is `true`, set this explicitly to `false` when the module should not be reachable from public networks.
     */
    readonly publicNetworkAccessEnabled: pulumi.Output;
    /**
     * Is Purge Protection enabled for this Key Vault Managed Hardware Security Module? Changing this forces a new resource to be created.
     *
     * When this is `false`, a soft-deleted module can be purged before `softDeleteRetentionDays` has elapsed.
     */
    readonly purgeProtectionEnabled: pulumi.Output;
    /**
     * The name of the resource group in which to create the Key Vault Managed Hardware Security Module. Changing this forces a new resource to be created.
     */
    readonly resourceGroupName: pulumi.Output;
    /**
     * This attribute can be used for disaster recovery or when creating another Managed HSM that shares the same security domain.
     *
     * It appears on the resource and in `ManagedHardwareSecurityModuleState` only; `ManagedHardwareSecurityModuleArgs` has no matching input.
     * NOTE(review): this is recovery material for the security domain. Confirm that it is stored as a secret in stack state and kept out of logs and exported outputs.
     */
    readonly securityDomainEncryptedData: pulumi.Output;
    /**
     * A list of KeyVault certificate resource IDs (minimum of three and up to a maximum of 10) to activate this Managed HSM. For more information, see [activate-your-managed-hsm](https://learn.microsoft.com/azure/key-vault/managed-hsm/quick-create-cli#activate-your-managed-hsm)
     */
    readonly securityDomainKeyVaultCertificateIds: pulumi.Output;
    /**
     * Specifies the minimum number of shares required to decrypt the security domain for recovery. This is required when `securityDomainKeyVaultCertificateIds` is specified. Valid values are between 2 and 10.
     *
     * NOTE(review): presumably this must not exceed the number of certificates supplied. Confirm against the service documentation.
     */
    readonly securityDomainQuorum: pulumi.Output;
    /**
     * The Name of the SKU used for this Key Vault Managed Hardware Security Module. Possible value is `Standard_B1`. Changing this forces a new resource to be created.
     */
    readonly skuName: pulumi.Output;
    /**
     * The number of days that items should be retained for once soft-deleted. This value can be between `7` and `90` days. Defaults to `90`. Changing this forces a new resource to be created.
     */
    readonly softDeleteRetentionDays: pulumi.Output;
    /**
     * A mapping of tags to assign to the resource.
     */
    readonly tags: pulumi.Output<{ [key: string]: string; } | undefined>;
    /**
     * The Azure Active Directory Tenant ID that should be used for authenticating requests to the Key Vault Managed Hardware Security Module. Changing this forces a new resource to be created.
     */
    readonly tenantId: pulumi.Output;
    /**
     * Create a ManagedHardwareSecurityModule resource with the given unique name, arguments, and options.
     *
     * @param name The _unique_ name of the resource.
     * @param args The arguments to use to populate this resource's properties.
     * @param opts A bag of options that control this resource's behavior.
     */
    constructor(name: string, args: ManagedHardwareSecurityModuleArgs, opts?: pulumi.CustomResourceOptions);
}
/**
 * Input properties used for looking up and filtering ManagedHardwareSecurityModule resources.
 *
 * Every property is optional here, including `hsmUri` and `securityDomainEncryptedData`, which
 * `ManagedHardwareSecurityModuleArgs` does not accept as inputs.
 */
export interface ManagedHardwareSecurityModuleState {
    /**
     * Specifies a list of administrator object IDs for the Key Vault Managed Hardware Security Module. Changing this forces a new resource to be created.
     */
    adminObjectIds?: pulumi.Input[]>;
    /**
     * The URI of the Key Vault Managed Hardware Security Module, used for performing operations on keys.
     */
    hsmUri?: pulumi.Input;
    /**
     * Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.
     */
    location?: pulumi.Input;
    /**
     * Specifies the name of the Key Vault Managed Hardware Security Module. Changing this forces a new resource to be created.
     */
    name?: pulumi.Input;
    /**
     * A `networkAcls` block.
     *
     * NOTE(review): the block's fields are not declared in this file; presumably they come from the imported `../types/input` module. Confirm there.
     */
    networkAcls?: pulumi.Input;
    /**
     * Whether traffic from public networks is permitted. Defaults to `true`.
     */
    publicNetworkAccessEnabled?: pulumi.Input;
    /**
     * Is Purge Protection enabled for this Key Vault Managed Hardware Security Module? Changing this forces a new resource to be created.
     */
    purgeProtectionEnabled?: pulumi.Input;
    /**
     * The name of the resource group in which to create the Key Vault Managed Hardware Security Module. Changing this forces a new resource to be created.
     */
    resourceGroupName?: pulumi.Input;
    /**
     * This attribute can be used for disaster recovery or when creating another Managed HSM that shares the same security domain.
     *
     * NOTE(review): this is recovery material for the security domain. Confirm that it is stored as a secret in stack state.
     */
    securityDomainEncryptedData?: pulumi.Input;
    /**
     * A list of KeyVault certificate resource IDs (minimum of three and up to a maximum of 10) to activate this Managed HSM. For more information, see [activate-your-managed-hsm](https://learn.microsoft.com/azure/key-vault/managed-hsm/quick-create-cli#activate-your-managed-hsm)
     */
    securityDomainKeyVaultCertificateIds?: pulumi.Input[]>;
    /**
     * Specifies the minimum number of shares required to decrypt the security domain for recovery. This is required when `securityDomainKeyVaultCertificateIds` is specified. Valid values are between 2 and 10.
     */
    securityDomainQuorum?: pulumi.Input;
    /**
     * The Name of the SKU used for this Key Vault Managed Hardware Security Module. Possible value is `Standard_B1`. Changing this forces a new resource to be created.
     */
    skuName?: pulumi.Input;
    /**
     * The number of days that items should be retained for once soft-deleted. This value can be between `7` and `90` days. Defaults to `90`. Changing this forces a new resource to be created.
     */
    softDeleteRetentionDays?: pulumi.Input;
    /**
     * A mapping of tags to assign to the resource.
     */
    tags?: pulumi.Input<{ [key: string]: pulumi.Input; }>;
    /**
     * The Azure Active Directory Tenant ID that should be used for authenticating requests to the Key Vault Managed Hardware Security Module. Changing this forces a new resource to be created.
     */
    tenantId?: pulumi.Input;
}
/**
 * The set of arguments for constructing a ManagedHardwareSecurityModule resource.
 *
 * `adminObjectIds`, `resourceGroupName`, `skuName` and `tenantId` are required; every other
 * property is optional.
 */
export interface ManagedHardwareSecurityModuleArgs {
    /**
     * Specifies a list of administrator object IDs for the Key Vault Managed Hardware Security Module. Changing this forces a new resource to be created.
     *
     * These principals administer the module, so keep the list as small as the deployment allows.
     */
    adminObjectIds: pulumi.Input[]>;
    /**
     * Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.
     */
    location?: pulumi.Input;
    /**
     * Specifies the name of the Key Vault Managed Hardware Security Module. Changing this forces a new resource to be created.
     */
    name?: pulumi.Input;
    /**
     * A `networkAcls` block.
     *
     * NOTE(review): the block's fields are not declared in this file; presumably they come from the imported `../types/input` module. Confirm there.
     */
    networkAcls?: pulumi.Input;
    /**
     * Whether traffic from public networks is permitted. Defaults to `true`.
     *
     * Because the default is `true`, set this explicitly to `false` when the module should not be reachable from public networks.
     */
    publicNetworkAccessEnabled?: pulumi.Input;
    /**
     * Is Purge Protection enabled for this Key Vault Managed Hardware Security Module? Changing this forces a new resource to be created.
     *
     * When this is `false`, a soft-deleted module can be purged before `softDeleteRetentionDays` has elapsed.
     */
    purgeProtectionEnabled?: pulumi.Input;
    /**
     * The name of the resource group in which to create the Key Vault Managed Hardware Security Module. Changing this forces a new resource to be created.
     */
    resourceGroupName: pulumi.Input;
    /**
     * A list of KeyVault certificate resource IDs (minimum of three and up to a maximum of 10) to activate this Managed HSM. For more information, see [activate-your-managed-hsm](https://learn.microsoft.com/azure/key-vault/managed-hsm/quick-create-cli#activate-your-managed-hsm)
     */
    securityDomainKeyVaultCertificateIds?: pulumi.Input[]>;
    /**
     * Specifies the minimum number of shares required to decrypt the security domain for recovery. This is required when `securityDomainKeyVaultCertificateIds` is specified. Valid values are between 2 and 10.
     *
     * NOTE(review): presumably this must not exceed the number of certificates supplied. Confirm against the service documentation.
     */
    securityDomainQuorum?: pulumi.Input;
    /**
     * The Name of the SKU used for this Key Vault Managed Hardware Security Module. Possible value is `Standard_B1`. Changing this forces a new resource to be created.
     */
    skuName: pulumi.Input;
    /**
     * The number of days that items should be retained for once soft-deleted. This value can be between `7` and `90` days. Defaults to `90`. Changing this forces a new resource to be created.
     */
    softDeleteRetentionDays?: pulumi.Input;
    /**
     * A mapping of tags to assign to the resource.
     */
    tags?: pulumi.Input<{ [key: string]: pulumi.Input; }>;
    /**
     * The Azure Active Directory Tenant ID that should be used for authenticating requests to the Key Vault Managed Hardware Security Module. Changing this forces a new resource to be created.
     */
    tenantId: pulumi.Input;
}