azure_ad_groupazure_ad_service_principalazure_ad_userazure_api_managementazure_app_configurationazure_app_service_environmentazure_app_service_function_appazure_app_service_planazure_app_service_web_appazure_application_gatewayazure_application_security_groupazure_batch_accountazure_cognitive_accountazure_compute_availability_setazure_compute_diskazure_compute_disk_accessazure_compute_disk_encryption_setazure_compute_disk_metric_read_opsazure_compute_disk_metric_read_ops_dailyazure_compute_disk_metric_read_ops_hourlyazure_compute_disk_metric_write_opsazure_compute_disk_metric_write_ops_dailyazure_compute_disk_metric_write_ops_hourlyazure_compute_imageazure_compute_resource_skuazure_compute_snapshotazure_compute_virtual_machineazure_compute_virtual_machine_metric_cpu_utilizationazure_compute_virtual_machine_metric_cpu_utilization_dailyazure_compute_virtual_machine_metric_cpu_utilization_hourlyazure_compute_virtual_machine_scale_setazure_compute_virtual_machine_scale_set_vmazure_container_registryazure_cosmosdb_accountazure_cosmosdb_mongo_databaseazure_cosmosdb_sql_databaseazure_data_factoryazure_data_factory_datasetazure_data_factory_pipelineazure_data_lake_analytics_accountazure_data_lake_storeazure_databox_edge_deviceazure_diagnostic_settingazure_eventgrid_domainazure_eventgrid_topicazure_eventhub_namespaceazure_express_route_circuitazure_firewallazure_frontdoorazure_hdinsight_clusterazure_healthcare_serviceazure_hpc_cacheazure_hybrid_compute_machineazure_hybrid_kubernetes_connected_clusterazure_iothubazure_iothub_dpsazure_key_vaultazure_key_vault_deleted_vaultazure_key_vault_keyazure_key_vault_managed_hardware_security_moduleazure_key_vault_secretazure_kubernetes_clusterazure_kusto_clusterazure_lbazure_lb_backend_address_poolazure_lb_nat_ruleazure_lb_outbound_ruleazure_lb_probeazure_lb_ruleazure_locationazure_log_alertazure_log_profileazure_logic_app_workflowazure_machine_learning_workspaceazure_management_groupazure_management_lockazure_mariadb_serverazure_mssql_elasticpoolazure_mssql_managed_instanceazure_mssql_virtual_machineazure_mysql_flexible_serverazure_mysql_serverazure_network_interfaceazure_network_security_groupazure_network_watcherazure_network_watcher_flow_logazure_policy_assignmentazure_policy_definitionazure_postgresql_serverazure_providerazure_public_ipazure_recovery_services_vaultazure_redis_cacheazure_resource_groupazure_resource_linkazure_role_assignmentazure_role_definitionazure_route_tableazure_search_serviceazure_security_center_auto_provisioningazure_security_center_automationazure_security_center_contactazure_security_center_jit_network_access_policyazure_security_center_settingazure_security_center_sub_assessmentazure_security_center_subscription_pricingazure_service_fabric_clusterazure_servicebus_namespaceazure_signalr_serviceazure_spring_cloud_serviceazure_sql_databaseazure_sql_serverazure_storage_accountazure_storage_blobazure_storage_blob_serviceazure_storage_containerazure_storage_queueazure_storage_share_fileazure_storage_syncazure_storage_tableazure_storage_table_serviceazure_stream_analytics_jobazure_subnetazure_subscriptionazure_synapse_workspaceazure_tenantazure_virtual_networkazure_virtual_network_gatewayindex
Table: azure_key_vault_managed_hardware_security_module
Azure Key Vault Managed HSM is a fully managed, highly available, single-tenant, standards-compliant cloud service that enables you to safeguard cryptographic keys for your cloud applications, using FIPS 140-2 Level 3 validated HSMs.
Examples
Basic info
select name, id, hsm_uri, type, enable_soft_delete, regionfrom azure_key_vault_managed_hardware_security_module;List soft delete disabled hsm managed key vaults
select name, id, enable_soft_deletefrom azure_key_vault_managed_hardware_security_modulewhere not enable_soft_delete;Control examples
- key_vault_managed_hardware_security_module_mandatory
- key_vault_managed_hardware_security_module_prohibited
- key_vault_managed_hardware_security_module_tag_limit
- key_vault_managed_hardware_security_module_untagged
- keyvault_managed_hms_logging_enabled
- keyvault_managed_hms_purge_protection_enabled
.inspect azure_key_vault_managed_hardware_security_module
Azure Key Vault Managed Hardware Security Module
| Name | Type | Description |
|---|---|---|
| _ctx | jsonb | Steampipe context in JSON form, e.g. connection_name. |
| akas | jsonb | Array of globally unique identifier strings (also known as) for the resource. |
| cloud_environment | text | The Azure Cloud Environment. |
| create_mode | text | The create mode to indicate whether the resource is being created or is being recovered from a deleted resource. Possible values include: 'CreateModeRecover', 'CreateModeDefault'. |
| diagnostic_settings | jsonb | A list of active diagnostic settings for the managed HSM. |
| enable_purge_protection | boolean | Property specifying whether protection against purge is enabled for this managed HSM pool. Setting this property to true activates protection against purge for this managed HSM pool and its content - only the Managed HSM service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible. |
| enable_soft_delete | boolean | Property to specify whether the 'soft delete' functionality is enabled for this managed HSM pool. If it's not set to any value(true or false) when creating new managed HSM pool, it will be set to true by default. Once set to true, it cannot be reverted to false. |
| hsm_uri | text | The URI of the managed hsm pool for performing operations on keys. |
| id | text | The Azure Resource Manager resource ID for the managed HSM Pool. |
| name | text | The name of the managed HSM Pool. |
| provisioning_state | text | Provisioning state. Possible values include: 'ProvisioningStateSucceeded', 'ProvisioningStateProvisioning', 'ProvisioningStateFailed', 'ProvisioningStateUpdating', 'ProvisioningStateDeleting', 'ProvisioningStateActivated', 'ProvisioningStateSecurityDomainRestore', 'ProvisioningStateRestoring'. |
| region | text | The Azure region/location in which the resource is located. |
| resource_group | text | The resource group which holds this resource. |
| sku_family | text | Contains SKU family name. |
| sku_name | text | SKU name to specify whether the key vault is a standard vault or a premium vault. |
| soft_delete_retention_in_days | bigint | Indicates softDelete data retention days. It accepts >=7 and <=90. |
| status_message | text | Resource Status Message. |
| subscription_id | text | The Azure Subscription ID in which the resource is located. |
| tags | jsonb | A map of tags for the resource. |
| tenant_id | text | The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault. |
| title | text | Title of the resource. |
| type | text | The resource type of the managed HSM Pool. |