Import-AzKeyVaultSecurityDomain
Imports previously exported security domain data to a managed HSM.
Syntax
ByName (Default)
Import-AzKeyVaultSecurityDomain
-Name <String>
-Keys <KeyPath[]>
-SecurityDomainPath <String>
[-PassThru]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[-SubscriptionId <String>]
[<CommonParameters>]
ByRestoredBlob
Import-AzKeyVaultSecurityDomain
-Name <String>
-SecurityDomainPath <String>
[-ImportRestoredBlob]
[-PassThru]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[-SubscriptionId <String>]
[<CommonParameters>]
GenerateExchangeKey
Import-AzKeyVaultSecurityDomain
-Name <String>
-OutFile <String>
[-Force]
[-DownloadExchangeKey]
[-PassThru]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[-SubscriptionId <String>]
[<CommonParameters>]
ByInputObject
Import-AzKeyVaultSecurityDomain
-InputObject <PSKeyVaultIdentityItem>
-Keys <KeyPath[]>
-SecurityDomainPath <String>
[-PassThru]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[-SubscriptionId <String>]
[<CommonParameters>]
DoRestoreBlob
Import-AzKeyVaultSecurityDomain
-Keys <KeyPath[]>
-SecurityDomainPath <String>
-OutFile <String>
-ExchangeKeyPath <String>
[-Force]
[-RestoreBlob]
[-PassThru]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[-SubscriptionId <String>]
[<CommonParameters>]
Description
This cmdlet imports previously exported security domain data to a managed HSM.
Examples
Example 1: Import Security domain
$keys = @{PublicKey = "sd1.cer"; PrivateKey = "sd1.key"}, @{PublicKey = "sd2.cer"; PrivateKey = "sd2.key"}, @{PublicKey = "sd3.cer"; PrivateKey = "sd3.key"}
Import-AzKeyVaultSecurityDomain -Name testmhsm -Keys $keys -SecurityDomainPath sd.ps.json
First, the keys need to be provided to decrypt the security domain data.
Then, the Import-AzKeyVaultSecurityDomain command restores previously backed-up security domain data to a managed HSM using these keys.
Example 2: Import Security domain by separate steps
$exchangeKeyOutputPath = "ExchangeKey.cer"
$SecurityDomainRestoredBlob = "HsmRestoreBlob.json"
$keys = @{PublicKey = "sd1.cer"; PrivateKey = "sd1.key"}, @{PublicKey = "sd2.cer"; PrivateKey = "sd2.key"}, @{PublicKey = "sd3.cer"; PrivateKey = "sd3.key"}
# Step 1: download the exchange key from the managed HSM
Import-AzKeyVaultSecurityDomain -Name testmhsm -OutFile $exchangeKeyOutputPath -DownloadExchangeKey
# Step 2: decrypt the security domain locally and re-encrypt it with the exchange key
Import-AzKeyVaultSecurityDomain -Keys $keys -ExchangeKeyPath $exchangeKeyOutputPath -SecurityDomainPath sd.ps.json -OutFile $SecurityDomainRestoredBlob -RestoreBlob
# Step 3: import the re-encrypted security domain into the managed HSM
Import-AzKeyVaultSecurityDomain -Name testmhsm -SecurityDomainPath $SecurityDomainRestoredBlob -ImportRestoredBlob
First, an exchange key should be downloaded by adding -DownloadExchangeKey.
Then, the security domain data should be decrypted locally using the key pairs and encrypted using the generated exchange key by adding -RestoreBlob.
Finally, the restored security domain data can be imported to a managed HSM using -ImportRestoredBlob.
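The three steps above as one guarded run, as an added example (not part of the original page and not Microsoft's code): it checks that every input file exists, refuses to overwrite leftover intermediate files instead of passing -Force, and removes the intermediates afterwards. The function name Invoke-SplitSecurityDomainImport and its parameter names are hypothetical; the file names follow the page's examples.

```powershell
# Added example, not Microsoft's code. Hypothetical names: the function and its parameters.
function Invoke-SplitSecurityDomainImport {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string]   $HsmName,
        [Parameter(Mandatory)] [object[]] $Keys,               # @{PublicKey=...; PrivateKey=...} entries
        [Parameter(Mandatory)] [string]   $SecurityDomainPath, # exported security domain file
        [string] $ExchangeKeyPath  = 'ExchangeKey.cer',
        [string] $RestoredBlobPath = 'HsmRestoreBlob.json'
    )
    $ErrorActionPreference = 'Stop'

    # Pre-flight: every input file must exist before anything is downloaded.
    $inputs  = @($SecurityDomainPath) + @($Keys | ForEach-Object { $_.PublicKey; $_.PrivateKey })
    $missing = @($inputs | Where-Object { -not (Test-Path -LiteralPath $_ -PathType Leaf) })
    if ($missing.Count -gt 0) { throw "Missing input file(s): $($missing -join ', ')" }

    # Refuse to reuse intermediates left by an earlier run rather than passing -Force.
    foreach ($out in $ExchangeKeyPath, $RestoredBlobPath) {
        if (Test-Path -LiteralPath $out) { throw "Refusing to overwrite existing file: $out" }
    }

    try {
        # Step 1 (GenerateExchangeKey set): download the exchange key from the HSM.
        Import-AzKeyVaultSecurityDomain -Name $HsmName -OutFile $ExchangeKeyPath -DownloadExchangeKey

        # Step 2 (DoRestoreBlob set): local decrypt and re-encrypt; this set takes no -Name.
        Import-AzKeyVaultSecurityDomain -Keys $Keys -ExchangeKeyPath $ExchangeKeyPath `
            -SecurityDomainPath $SecurityDomainPath -OutFile $RestoredBlobPath -RestoreBlob

        # Step 3 (ByRestoredBlob set): upload the re-encrypted blob; -PassThru returns a boolean.
        $ok = Import-AzKeyVaultSecurityDomain -Name $HsmName -SecurityDomainPath $RestoredBlobPath `
            -ImportRestoredBlob -PassThru
        if (-not $ok) { throw "Import to '$HsmName' did not report success." }
        return $true
    }
    finally {
        # Remove the intermediates whether the import succeeded or failed.
        Remove-Item -LiteralPath $ExchangeKeyPath, $RestoredBlobPath -Force -ErrorAction SilentlyContinue
    }
}

# Usage with the file names from the page's examples:
# $keys = @{PublicKey = "sd1.cer"; PrivateKey = "sd1.key"}, @{PublicKey = "sd2.cer"; PrivateKey = "sd2.key"}
# Invoke-SplitSecurityDomainImport -HsmName testmhsm -Keys $keys -SecurityDomainPath sd.ps.json
```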
Parameters
-Confirm
Prompts you for confirmation before running the cmdlet.
Parameter properties
Type: SwitchParameter
Default value: None
Supports wildcards: False
DontShow: False
Aliases: cf
Parameter sets
(All)
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-DefaultProfile
The credentials, account, tenant, and subscription used for communication with Azure.
Parameter properties
Type: IAzureContextContainer
Default value: None
Supports wildcards: False
DontShow: False
Aliases: AzContext, AzureRmContext, AzureCredential
Parameter sets
(All)
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-DownloadExchangeKey
When specified, an exchange key will be downloaded to the specified path.
Parameter properties
Type: SwitchParameter
Default value: None
Supports wildcards: False
DontShow: False
Parameter sets
GenerateExchangeKey
Position: Named
Mandatory: True
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-ExchangeKeyPath
Local path of exchange key used to encrypt the security domain data. Generated by running Import-AzKeyVaultSecurityDomain with -DownloadExchangeKey.
Parameter properties
Type: String
Default value: None
Supports wildcards: False
DontShow: False
Parameter sets
DoRestoreBlob
Position: Named
Mandatory: True
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-Force
Specify whether to overwrite an existing file.
Parameter properties
Type: SwitchParameter
Default value: None
Supports wildcards: False
DontShow: False
Parameter sets
GenerateExchangeKey
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
DoRestoreBlob
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-ImportRestoredBlob
When specified, SecurityDomainPath should be encrypted security domain data generated by Restore-AzKeyVaultSecurityDomainBlob.
Parameter properties
Type: SwitchParameter
Default value: None
Supports wildcards: False
DontShow: False
Parameter sets
ByRestoredBlob
Position: Named
Mandatory: True
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-InputObject
Object representing a managed HSM.
Parameter sets
ByInputObject
Position: Named
Mandatory: True
Value from pipeline: True
Value from pipeline by property name: False
Value from remaining arguments: False
-Keys
Information about the keys that are used to decrypt the security domain data.
See examples for how it is constructed.
Parameter properties
Type: KeyPath[]
Default value: None
Supports wildcards: False
DontShow: False
Parameter sets
ByName
Position: Named
Mandatory: True
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
ByInputObject
Position: Named
Mandatory: True
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
DoRestoreBlob
Position: Named
Mandatory: True
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-Name
Name of the managed HSM.
Parameter properties
Type: String
Default value: None
Supports wildcards: False
DontShow: False
Aliases: HsmName
Parameter sets
ByName
Position: Named
Mandatory: True
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
ByRestoredBlob
Position: Named
Mandatory: True
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
GenerateExchangeKey
Position: Named
Mandatory: True
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-OutFile
Local file path to store the security domain encrypted with the exchange key.
Parameter properties
Type: String
Default value: None
Supports wildcards: False
DontShow: False
Parameter sets
GenerateExchangeKey
Position: Named
Mandatory: True
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
DoRestoreBlob
Position: Named
Mandatory: True
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-PassThru
When specified, a boolean will be returned when the cmdlet succeeds.
Parameter properties
Type: SwitchParameter
Default value: None
Supports wildcards: False
DontShow: False
Parameter sets
(All)
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-RestoreBlob
When specified, the security domain data will be decrypted and encrypted locally using the generated ExchangeKey.
Parameter properties
Type: SwitchParameter
Default value: None
Supports wildcards: False
DontShow: False
Parameter sets
DoRestoreBlob
Position: Named
Mandatory: True
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-SecurityDomainPath
Specify the path to the encrypted security domain data.
Parameter properties
Type: String
Default value: None
Supports wildcards: False
DontShow: False
Aliases: Path
Parameter sets
ByName
Position: Named
Mandatory: True
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
ByRestoredBlob
Position: Named
Mandatory: True
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
ByInputObject
Position: Named
Mandatory: True
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
DoRestoreBlob
Position: Named
Mandatory: True
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-SubscriptionId
The ID of the subscription.
By default, cmdlets are executed in the subscription that is set in the current context. If the user specifies another subscription, the current cmdlet is executed in the subscription specified by the user.
Overriding the subscription only takes effect during the lifecycle of the current cmdlet. It does not change the subscription in the context, and does not affect subsequent cmdlets.
Parameter properties
Type: String
Default value: None
Supports wildcards: False
DontShow: False
Parameter sets
(All)
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: True
Value from remaining arguments: False
-WhatIf
Shows what would happen if the cmdlet runs.
The cmdlet is not run.
Parameter properties
Type: SwitchParameter
Default value: None
Supports wildcards: False
DontShow: False
Aliases: wi
Parameter sets
(All)
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable,
-InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable,
-ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see
about_CommonParameters.
Outputs