| title | description | services | author | ms.topic | ms.devlang | ms.service | ms.date | ms.author | ms.custom |
|---|---|---|---|---|---|---|---|---|---|
Quickstart: Create Azure Dedicated HSM with the Azure CLI |
Create, show, list, update, and delete Azure Dedicated HSMs by using the Azure CLI. |
dedicated-hsm |
msmbaldwin |
quickstart |
azurecli |
azure-dedicated-hsm |
04/14/2025 |
mbaldwin |
devx-track-azurecli, mode-api |
This article describes how to create and manage an Azure Dedicated HSM by using the az dedicated-hsm Azure CLI extension.
-
An Azure subscription. You can create a free account if you don't have one.
If you have more than one Azure subscription, set the subscription to use for billing with the Azure CLI az account set command.
az account set --subscription 00000000-0000-0000-0000-000000000000
[!INCLUDE azure-cli-prepare-your-environment-no-header.md]
- All requirements met for a dedicated HSM, including registration, approval, and a virtual network and virtual machine to use for provisioning. For more information about dedicated HSM requirements and prerequisites, see Tutorial: Deploying HSMs into an existing virtual network using the Azure CLI.
An Azure resource group is a logical container for deploying and managing Azure resources as a group. If you don't already have a resource group for the dedicated HSM, create one by using the az group create command. The following example creates a resource group named myRG in the westus Azure region:
az group create --name myRG --location westus
To create a dedicated HSM, use the az dedicated-hsm create command. The following example provisions a dedicated HSM named hsm1 in the westus region, myRG resource group, and specified subscription, virtual network, and subnet. The required parameters are name, location, and resource group.
az dedicated-hsm create \
--resource-group myRG \
--name "hsm1" \
--location "westus" \
--network-profile-network-interfaces private-ip-address="1.0.0.1" \
--subnet id="/subscriptions/aaaa0a0a-bb1b-cc2c-dd3d-eeeeee4e4e4e/resourceGroups/hsm-group/providers/Microsoft.Network/virtualNetworks/MyHSM-vnet/subnets/MyHSM-vnet" \
--stamp-id "stamp1" \
--sku name="SafeNet Luna Network HSM A790" \
--tags resourceType="hsm" Environment="test" \
--zones "AZ1"
The deployment takes approximately 25 to 30 minutes to complete.
To get a current dedicated HSM, run the az dedicated-hsm show command. The following example gets the hsm1 dedicated HSM in the myRG resource group.
az dedicated-hsm show --resource-group myRG --name hsm1
Use the az dedicated-hsm update command to update a dedicated HSM. The following example updates the hsm1 dedicated HSM in the myRG resource group, and its tags:
az dedicated-hsm update --resource-group myRG –-name hsm1 --tags resourceType="hsm" Environment="prod" Slice="A"
Run the az dedicated-hsm list command to get information about current dedicated HSMs. The following example lists the dedicated HSMs in the myRG resource group:
az dedicated-hsm list --resource-group myRG
To remove a dedicated HSM, use the az dedicated-hsm delete command. The following example deletes the hsm1 dedicated HSM from the myRG resource group:
az dedicated-hsm delete --resource-group myRG –-name hsm1
If you no longer need the resource group you created for dedicated HSM, you can delete it by running the az group delete command. This command deletes the group and all resources in it, including any that are unrelated to dedicated HSM. The following example deletes the myRG resource group and everything in it:
az group delete --name myRG
To learn more about Azure Dedicated HSM, see Azure Dedicated HSM.