We recommend using Azure Native.
Azure v6.28.0 published on Friday, Oct 3, 2025 by Pulumi
Use this data source to access information about an existing Key Vault Managed Hardware Security Module Role Definition.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
const example = azure.keyvault.getManagedHardwareSecurityModuleRoleDefinition({
managedHsmId: exampleAzurermKeyVaultManagedHardwareSecurityModule.id,
name: "21dbd100-6940-42c2-9190-5d6cb909625b",
});
export const id = example.then(example => example.resourceManagerId);
import pulumi
import pulumi_azure as azure
example = azure.keyvault.get_managed_hardware_security_module_role_definition(managed_hsm_id=example_azurerm_key_vault_managed_hardware_security_module["id"],
name="21dbd100-6940-42c2-9190-5d6cb909625b")
pulumi.export("id", example.resource_manager_id)
package main
import (
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/keyvault"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
example, err := keyvault.LookupManagedHardwareSecurityModuleRoleDefinition(ctx, &keyvault.LookupManagedHardwareSecurityModuleRoleDefinitionArgs{
ManagedHsmId: exampleAzurermKeyVaultManagedHardwareSecurityModule.Id,
Name: "21dbd100-6940-42c2-9190-5d6cb909625b",
}, nil)
if err != nil {
return err
}
ctx.Export("id", example.ResourceManagerId)
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;
return await Deployment.RunAsync(() =>
{
var example = Azure.KeyVault.GetManagedHardwareSecurityModuleRoleDefinition.Invoke(new()
{
ManagedHsmId = exampleAzurermKeyVaultManagedHardwareSecurityModule.Id,
Name = "21dbd100-6940-42c2-9190-5d6cb909625b",
});
return new Dictionary<string, object?>
{
["id"] = example.Apply(getManagedHardwareSecurityModuleRoleDefinitionResult => getManagedHardwareSecurityModuleRoleDefinitionResult.ResourceManagerId),
};
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.keyvault.KeyvaultFunctions;
import com.pulumi.azure.keyvault.inputs.GetManagedHardwareSecurityModuleRoleDefinitionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var example = KeyvaultFunctions.getManagedHardwareSecurityModuleRoleDefinition(GetManagedHardwareSecurityModuleRoleDefinitionArgs.builder()
.managedHsmId(exampleAzurermKeyVaultManagedHardwareSecurityModule.id())
.name("21dbd100-6940-42c2-9190-5d6cb909625b")
.build());
ctx.export("id", example.resourceManagerId());
}
}
variables:
example:
fn::invoke:
function: azure:keyvault:getManagedHardwareSecurityModuleRoleDefinition
arguments:
managedHsmId: ${exampleAzurermKeyVaultManagedHardwareSecurityModule.id}
name: 21dbd100-6940-42c2-9190-5d6cb909625b
outputs:
id: ${example.resourceManagerId}
Using getManagedHardwareSecurityModuleRoleDefinition
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getManagedHardwareSecurityModuleRoleDefinition(args: GetManagedHardwareSecurityModuleRoleDefinitionArgs, opts?: InvokeOptions): Promise<GetManagedHardwareSecurityModuleRoleDefinitionResult>
function getManagedHardwareSecurityModuleRoleDefinitionOutput(args: GetManagedHardwareSecurityModuleRoleDefinitionOutputArgs, opts?: InvokeOptions): Output<GetManagedHardwareSecurityModuleRoleDefinitionResult>def get_managed_hardware_security_module_role_definition(managed_hsm_id: Optional[str] = None,
name: Optional[str] = None,
opts: Optional[InvokeOptions] = None) -> GetManagedHardwareSecurityModuleRoleDefinitionResult
def get_managed_hardware_security_module_role_definition_output(managed_hsm_id: Optional[pulumi.Input[str]] = None,
name: Optional[pulumi.Input[str]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetManagedHardwareSecurityModuleRoleDefinitionResult]func LookupManagedHardwareSecurityModuleRoleDefinition(ctx *Context, args *LookupManagedHardwareSecurityModuleRoleDefinitionArgs, opts ...InvokeOption) (*LookupManagedHardwareSecurityModuleRoleDefinitionResult, error)
func LookupManagedHardwareSecurityModuleRoleDefinitionOutput(ctx *Context, args *LookupManagedHardwareSecurityModuleRoleDefinitionOutputArgs, opts ...InvokeOption) LookupManagedHardwareSecurityModuleRoleDefinitionResultOutput> Note: This function is named LookupManagedHardwareSecurityModuleRoleDefinition in the Go SDK.
public static class GetManagedHardwareSecurityModuleRoleDefinition
{
public static Task<GetManagedHardwareSecurityModuleRoleDefinitionResult> InvokeAsync(GetManagedHardwareSecurityModuleRoleDefinitionArgs args, InvokeOptions? opts = null)
public static Output<GetManagedHardwareSecurityModuleRoleDefinitionResult> Invoke(GetManagedHardwareSecurityModuleRoleDefinitionInvokeArgs args, InvokeOptions? opts = null)
}public static CompletableFuture<GetManagedHardwareSecurityModuleRoleDefinitionResult> getManagedHardwareSecurityModuleRoleDefinition(GetManagedHardwareSecurityModuleRoleDefinitionArgs args, InvokeOptions options)
public static Output<GetManagedHardwareSecurityModuleRoleDefinitionResult> getManagedHardwareSecurityModuleRoleDefinition(GetManagedHardwareSecurityModuleRoleDefinitionArgs args, InvokeOptions options)
fn::invoke:
function: azure:keyvault/getManagedHardwareSecurityModuleRoleDefinition:getManagedHardwareSecurityModuleRoleDefinition
arguments:
# arguments dictionaryThe following arguments are supported:
- Managed
Hsm stringId - The ID of the Key Vault Managed Hardware Security Module.
- Name string
- The name in UUID notation of this Key Vault Managed Hardware Security Module Role Definition.
- Managed
Hsm stringId - The ID of the Key Vault Managed Hardware Security Module.
- Name string
- The name in UUID notation of this Key Vault Managed Hardware Security Module Role Definition.
- managed
Hsm StringId - The ID of the Key Vault Managed Hardware Security Module.
- name String
- The name in UUID notation of this Key Vault Managed Hardware Security Module Role Definition.
- managed
Hsm stringId - The ID of the Key Vault Managed Hardware Security Module.
- name string
- The name in UUID notation of this Key Vault Managed Hardware Security Module Role Definition.
- managed_
hsm_ strid - The ID of the Key Vault Managed Hardware Security Module.
- name str
- The name in UUID notation of this Key Vault Managed Hardware Security Module Role Definition.
- managed
Hsm StringId - The ID of the Key Vault Managed Hardware Security Module.
- name String
- The name in UUID notation of this Key Vault Managed Hardware Security Module Role Definition.
getManagedHardwareSecurityModuleRoleDefinition Result
The following output properties are available:
- Assignable
Scopes List<string> - A list of assignable role scopes. Possible values are
/and/keys. - Description string
- A text description of the Key Vault Managed Hardware Security Module Role Definition.
- Id string
- The provider-assigned unique ID for this managed resource.
- Managed
Hsm stringId - Name string
- Permissions
List<Get
Managed Hardware Security Module Role Definition Permission> - A
permissionblock as defined below. - Resource
Manager stringId - The ID of the Key Vault Managed Hardware Security Module Role Definition resource without base url.
- Role
Name string - The display name of the Key Vault Managed Hardware Security Module Role Definition.
- Role
Type string - The type of the Key Vault Managed Hardware Security Module Role Definition. Possible values are
AKVBuiltInRoleandCustomRole.
- Assignable
Scopes []string - A list of assignable role scopes. Possible values are
/and/keys. - Description string
- A text description of the Key Vault Managed Hardware Security Module Role Definition.
- Id string
- The provider-assigned unique ID for this managed resource.
- Managed
Hsm stringId - Name string
- Permissions
[]Get
Managed Hardware Security Module Role Definition Permission - A
permissionblock as defined below. - Resource
Manager stringId - The ID of the Key Vault Managed Hardware Security Module Role Definition resource without base url.
- Role
Name string - The display name of the Key Vault Managed Hardware Security Module Role Definition.
- Role
Type string - The type of the Key Vault Managed Hardware Security Module Role Definition. Possible values are
AKVBuiltInRoleandCustomRole.
- assignable
Scopes List<String> - A list of assignable role scopes. Possible values are
/and/keys. - description String
- A text description of the Key Vault Managed Hardware Security Module Role Definition.
- id String
- The provider-assigned unique ID for this managed resource.
- managed
Hsm StringId - name String
- permissions
List<Get
Managed Hardware Security Module Role Definition Permission> - A
permissionblock as defined below. - resource
Manager StringId - The ID of the Key Vault Managed Hardware Security Module Role Definition resource without base url.
- role
Name String - The display name of the Key Vault Managed Hardware Security Module Role Definition.
- role
Type String - The type of the Key Vault Managed Hardware Security Module Role Definition. Possible values are
AKVBuiltInRoleandCustomRole.
- assignable
Scopes string[] - A list of assignable role scopes. Possible values are
/and/keys. - description string
- A text description of the Key Vault Managed Hardware Security Module Role Definition.
- id string
- The provider-assigned unique ID for this managed resource.
- managed
Hsm stringId - name string
- permissions
Get
Managed Hardware Security Module Role Definition Permission[] - A
permissionblock as defined below. - resource
Manager stringId - The ID of the Key Vault Managed Hardware Security Module Role Definition resource without base url.
- role
Name string - The display name of the Key Vault Managed Hardware Security Module Role Definition.
- role
Type string - The type of the Key Vault Managed Hardware Security Module Role Definition. Possible values are
AKVBuiltInRoleandCustomRole.
- assignable_
scopes Sequence[str] - A list of assignable role scopes. Possible values are
/and/keys. - description str
- A text description of the Key Vault Managed Hardware Security Module Role Definition.
- id str
- The provider-assigned unique ID for this managed resource.
- managed_
hsm_ strid - name str
- permissions
Sequence[Get
Managed Hardware Security Module Role Definition Permission] - A
permissionblock as defined below. - resource_
manager_ strid - The ID of the Key Vault Managed Hardware Security Module Role Definition resource without base url.
- role_
name str - The display name of the Key Vault Managed Hardware Security Module Role Definition.
- role_
type str - The type of the Key Vault Managed Hardware Security Module Role Definition. Possible values are
AKVBuiltInRoleandCustomRole.
- assignable
Scopes List<String> - A list of assignable role scopes. Possible values are
/and/keys. - description String
- A text description of the Key Vault Managed Hardware Security Module Role Definition.
- id String
- The provider-assigned unique ID for this managed resource.
- managed
Hsm StringId - name String
- permissions List<Property Map>
- A
permissionblock as defined below. - resource
Manager StringId - The ID of the Key Vault Managed Hardware Security Module Role Definition resource without base url.
- role
Name String - The display name of the Key Vault Managed Hardware Security Module Role Definition.
- role
Type String - The type of the Key Vault Managed Hardware Security Module Role Definition. Possible values are
AKVBuiltInRoleandCustomRole.
Supporting Types
GetManagedHardwareSecurityModuleRoleDefinitionPermission
- Actions List<string>
- A list of action permission granted.
- Data
Actions List<string> - A list of data action permission granted.
- Not
Actions List<string> - A list of action permission excluded (but not denied).
- Not
Data List<string>Actions - A list of data action permission granted.
- Actions []string
- A list of action permission granted.
- Data
Actions []string - A list of data action permission granted.
- Not
Actions []string - A list of action permission excluded (but not denied).
- Not
Data []stringActions - A list of data action permission granted.
- actions List<String>
- A list of action permission granted.
- data
Actions List<String> - A list of data action permission granted.
- not
Actions List<String> - A list of action permission excluded (but not denied).
- not
Data List<String>Actions - A list of data action permission granted.
- actions string[]
- A list of action permission granted.
- data
Actions string[] - A list of data action permission granted.
- not
Actions string[] - A list of action permission excluded (but not denied).
- not
Data string[]Actions - A list of data action permission granted.
- actions Sequence[str]
- A list of action permission granted.
- data_
actions Sequence[str] - A list of data action permission granted.
- not_
actions Sequence[str] - A list of action permission excluded (but not denied).
- not_
data_ Sequence[str]actions - A list of data action permission granted.
- actions List<String>
- A list of action permission granted.
- data
Actions List<String> - A list of data action permission granted.
- not
Actions List<String> - A list of action permission excluded (but not denied).
- not
Data List<String>Actions - A list of data action permission granted.
Package Details
- Repository
- Azure Classic pulumi/pulumi-azure
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
azurermTerraform Provider.
