Compartilhar via


CustomerManagedKey Class

Key vault details for encrypting data with customer-managed keys.

Inheritance
builtins.object
CustomerManagedKey

Constructor

CustomerManagedKey(key_vault: str | None = None, key_uri: str | None = None, cosmosdb_id: str | None = None, storage_id: str | None = None, search_id: str | None = None)

Parameters

Name Description
key_vault
str

Key vault that is holding the customer-managed key.

Default value: None
key_uri
str

URI for the customer-managed key.

Default value: None
cosmosdb_id
str

ARM id of bring-your-own cosmosdb account that customer brings to store customer's data with encryption.

Default value: None
storage_id
str

ARM id of bring-your-own storage account that customer brings to store customer's data with encryption.

Default value: None
search_id
str

ARM id of bring-your-own search account that customer brings to store customer's data with encryption.

Default value: None

Examples

Creating a CustomerManagedKey object.


   from azure.ai.ml.entities import CustomerManagedKey, Workspace

   cmk = CustomerManagedKey(
       key_vault="/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/test-rg/providers/Microsoft.KeyVault/vaults/vault-name",
       key_uri="https://vault-name.vault.azure.net/keys/key-name/key-version",
   )

   # special bring your own scenario
   byo_cmk = CustomerManagedKey(
       key_vault="/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/test-rg/providers/Microsoft.KeyVault/vaults/vault-name",
       key_uri="https://vault-name.vault.azure.net/keys/key-name/key-version",
       cosmosdb_id="/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/test-rg/providers/Microsoft.DocumentDB/databaseAccounts/cosmos-name",
       storage_id="/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/test-rg/providers/Microsoft.Storage/storageAccounts/storage-name",
       search_id="/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/test-rg/providers/Microsoft.Search/searchServices/search-name",
   )

   ws = Workspace(name="ws-name", location="eastus", display_name="My workspace", customer_managed_key=cmk)