CODEWITHSUNDEEP
azure-keyvault
Peter
Peter

Reputation: 1391

Upgrade Azure Key Vault to Premium SKU

I have an existing Azure Key Vault that currently uses the Standard software encryption and I want to upgrade this vault to a premium tier with HSM. I know that creating a HSM-capable vault is done like this:

New-AzureRmKeyVault -VaultName 'ContosoKeyVaultHSM' -ResourceGroupName 'ContosoResourceGroup' -Location 'East Asia' -SKU 'Premium'

But is it possible to upgrade an already existing vault? I don't necessarily want to copy all my secrets over to another vault. I do not want to port existing secrets from Software encryption to HSM, but I want to add new HSM capabilities to my existing vault, so that I don't have to run two vaults. Is this supported?

Upvotes: 6

Views: 7570

Answers (5)

Dirk N.
Dirk N.

Reputation: 320

If anyone is wondering how it goes with the az CLI:

az keyvault update --set properties.sku.name=premium --name <vaultname> --resource-group <rgname>

Upvotes: 6

Robert Taylor
Robert Taylor

Reputation: 61

Here is the commands I ran using the new Azure Powershell

$vault = Get-AzResource -ResourceName "my-kv" -ResourceGroupName "my-rg" -ResourceType Microsoft.KeyVault/vaults -ExpandProperties
$vault.Properties.sku.name = 'Premium'
Set-AzResource -ResourceId $vault.ResourceId -Tags $vault.Tags -Properties $vault.Properties

Upvotes: 1

Alejandro Azofeifa
Alejandro Azofeifa

Reputation: 1

 Login-AzAccount
       $vaultResourceId = (Get-AzureRMKeyVault -VaultName "AzIdentity").ResourceId
       $vault = Get-AzureRmResource -ResourceId $vaultResourceId -ExpandProperties
       $vault.Properties.sku.name = "Premium" # or "Standard"
       Set-AzureRMResource -ResourceId $vaultResourceId -Properties $vault.Properties

Upvotes: 0

Sean Barnes
Sean Barnes

Reputation: 316

It is possible to change an existing vault's SKU:

$vault = Find-AzureRmResource -ResourceName myvault -ResourceType Microsoft.KeyVault/vaults -ExpandProperties
$vault.Properties.sku.name = 'premium'
Set-AzureRmResource -ResourceId $vault.ResourceId -Tags $vault.Tags -Properties $vault.Properties

Upvotes: 9

Amit Bapat - MSFT
Amit Bapat - MSFT

Reputation: 1

There is no command to change your SKU, but you can change the resource using Set-AzureRmResource cmdlet.

PS C:\> $vaultResourceID = "subscriptions/<GUID>/resourceGroups/VaultResources/providers/Microsoft.KeyVault/vaults/<yourvaultname>
PS C:\> $vault.Properti"
PS C:\> $vault = Get-AzureRmResource -ResourceId $vaultResourceID
PS C:\> $vault.Properties.sku.name
standard
PS C:\> $vault.Properties.sku.name = 'premium'
PS C:> Set-AzureRmResource -ResourceId $vaultResourceID -Properties $vault.Properties

Upvotes: 0

Related Questions