Restore-AzKeyVault
Fully restores a managed HSM from backup.
Syntax
InteractiveStorageName (Default)
Restore-AzKeyVault
[-HsmName] <String>
-BackupFolder <String>
-StorageAccountName <String>
-StorageContainerName <String>
[-KeyName <String>]
[-PassThru]
[-SasToken <SecureString>]
[-UseUserManagedIdentity]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
InteractiveStorageUri
Restore-AzKeyVault
[-HsmName] <String>
-BackupFolder <String>
-StorageContainerUri <Uri>
[-KeyName <String>]
[-PassThru]
[-SasToken <SecureString>]
[-UseUserManagedIdentity]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Restore-AzKeyVault
-BackupFolder <String>
-StorageContainerUri <Uri>
-HsmObject <PSManagedHsm>
[-KeyName <String>]
[-PassThru]
[-SasToken <SecureString>]
[-UseUserManagedIdentity]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Restore-AzKeyVault
-BackupFolder <String>
-StorageAccountName <String>
-StorageContainerName <String>
-HsmObject <PSManagedHsm>
[-KeyName <String>]
[-PassThru]
[-SasToken <SecureString>]
[-UseUserManagedIdentity]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Description
Fully restores a managed HSM from a backup stored in a storage account.
Use Backup-AzKeyVault to backup.
Examples
Example 1 Restore a Key Vault
$sasToken = ConvertTo-SecureString -AsPlainText -Force "?sv=2019-12-12&ss=bfqt&srt=sco&sp=rwdlacupx&se=2020-10-12T14:42:19Z&st=2020-10-12T06:42:19Z&spr=https&sig=******"
Restore-AzKeyVault -HsmName myHsm -StorageContainerUri "https://{accountName}.blob.core.windows.net/{containerName}" -BackupFolder "mhsm-myHsm-2020101308504935" -SasToken $sasToken
The example restores a backup stored in a folder named "mhsm-myHsm-2020101308504935" of a storage container "https://{accountName}.blob.core.windows.net/{containerName}".
Example 2 Restore a Key Vault via User Assigned Managed Identity Authentication
# Make sure an identity is assigned to the Hsm
Update-AzKeyVaultManagedHsm -UserAssignedIdentity "/subscriptions/{sub-id}/resourceGroups/{rg-name}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identity-name}"
Restore-AzKeyVault -HsmName myHsm -StorageContainerUri "https://{accountName}.blob.core.windows.net/{containerName}" -BackupFolder "mhsm-myHsm-2020101308504935" -UseUserManagedIdentity
The example restores an HSM via User Assigned Managed Identity Authentication.
Parameters
-BackupFolder
Folder name of the backup, e.g.
'mhsm--2020101309020403'.
It can also be nested such as 'backups/mhsm- -2020101309020403'.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-Confirm
Prompts you for confirmation before running the cmdlet.
Parameter properties
Type: SwitchParameter
Default value: None Supports wildcards: False DontShow: False Aliases: cf
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-DefaultProfile
The credentials, account, tenant, and subscription used for communication with Azure.
Parameter properties
Type: IAzureContextContainer
Default value: None Supports wildcards: False DontShow: False Aliases: AzContext, AzureRmContext, AzureCredential
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-HsmName
Name of the HSM.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
InteractiveStorageName
Position: 1 Mandatory: True Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
InteractiveStorageUri
Position: 1 Mandatory: True Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-HsmObject
Managed HSM object
Parameter properties
Type: PSManagedHsm
Default value: None Supports wildcards: False DontShow: False
Parameter sets
InputObjectStorageUri
Position: Named Mandatory: True Value from pipeline: True Value from pipeline by property name: False Value from remaining arguments: False
InputObjectStorageName
Position: Named Mandatory: True Value from pipeline: True Value from pipeline by property name: False Value from remaining arguments: False
-KeyName
Key name to restore.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-PassThru
Return true when the HSM is restored.
Parameter properties
Type: SwitchParameter
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-SasToken
The shared access signature (SAS) token to authenticate the storage account.
Parameter properties
Type: SecureString
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-StorageAccountName
Name of the storage account where the backup is going to be stored.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
InteractiveStorageName
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
InputObjectStorageName
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-StorageContainerName
Name of the blob container where the backup is going to be stored.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
InteractiveStorageName
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
InputObjectStorageName
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-StorageContainerUri
URI of the storage container where the backup is going to be stored.
Parameter properties
Type: Uri
Default value: None Supports wildcards: False DontShow: False
Parameter sets
InteractiveStorageUri
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
InputObjectStorageUri
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-UseUserManagedIdentity
Specified to use User Managed Identity to authenticate the storage account. Only valid when SasToken is not set.
Parameter properties
Type: SwitchParameter
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-WhatIf
Shows what would happen if the cmdlet runs.
The cmdlet is not run.
Parameter properties
Type: SwitchParameter
Default value: None Supports wildcards: False DontShow: False Aliases: wi
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable,
-InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable,
-ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see
about_CommonParameters .
None
Outputs
