diff --git a/src/KeyVault/KeyVault.Test/KeyVault.Test.csproj b/src/KeyVault/KeyVault.Test/KeyVault.Test.csproj
index e268112b2e12..85fc84cb21a9 100644
--- a/src/KeyVault/KeyVault.Test/KeyVault.Test.csproj
+++ b/src/KeyVault/KeyVault.Test/KeyVault.Test.csproj
@@ -13,7 +13,6 @@
-
diff --git a/src/KeyVault/KeyVault.Test/LiveTests/KeyVaultDataPlaneLiveTests/TestNetworkRuleSet.ps1 b/src/KeyVault/KeyVault.Test/LiveTests/KeyVaultDataPlaneLiveTests/TestNetworkRuleSet.ps1
new file mode 100644
index 000000000000..4c2f3d7299e2
--- /dev/null
+++ b/src/KeyVault/KeyVault.Test/LiveTests/KeyVaultDataPlaneLiveTests/TestNetworkRuleSet.ps1
@@ -0,0 +1,19 @@
+Invoke-LiveTestScenario -Name "Create key vault and specifies network rules" -Description "Create key vault and specifies network rules to allow access to the specified IP address" -ScenarioScript `
+{
+ param ($rg)
+
+ $rgName = $rg.ResourceGroupName
+ $vaultName = New-LiveTestResourceName
+ $vnName = New-LiveTestResourceName
+ $vaultLocation = "eastus"
+ $vnLocation = "westus"
+ $frontendSubnet = New-AzVirtualNetworkSubnetConfig -Name frontendSubnet -AddressPrefix "110.0.1.0/24" -ServiceEndpoint Microsoft.KeyVault
+ $virtualNetwork = New-AzVirtualNetwork -Name $vnName -ResourceGroupName $rg.ResourceGroupName -Location $vnLocation -AddressPrefix "110.0.0.0/16" -Subnet $frontendSubnet
+ $myNetworkResId = $virtualNetwork.Subnets[0].Id
+ $ruleSet = New-AzKeyVaultNetworkRuleSetObject -DefaultAction Allow -Bypass AzureServices -IpAddressRange "110.0.1.0/24" -VirtualNetworkResourceId $myNetworkResId
+ $keyvault = New-AzKeyVault -VaultName $vaultName -ResourceGroupName $rgName -Location $vaultLocation -NetworkRuleSet $ruleSet
+ Assert-AreEqual $keyvault.NetworkAcls.DefaultAction Allow
+ Assert-AreEqual $keyvault.NetworkAcls.Bypass AzureServices
+ # Assert-AreEqual $keyvault.NetworkAcls.VirtualNetworkResourceIds $myNetworkResId
+
+}
\ No newline at end of file
diff --git a/src/KeyVault/KeyVault.Test/LiveTests/ManagedHsmDataPlaneLiveTests/TestSetting.ps1 b/src/KeyVault/KeyVault.Test/LiveTests/ManagedHsmDataPlaneLiveTests/TestSetting.ps1
new file mode 100644
index 000000000000..b1db4d1a6381
--- /dev/null
+++ b/src/KeyVault/KeyVault.Test/LiveTests/ManagedHsmDataPlaneLiveTests/TestSetting.ps1
@@ -0,0 +1,16 @@
+Invoke-LiveTestScenario -Name "Get and update key vault setting in a MSHM" -Description "Get and update a key vault setting in a MSHM" -ScenarioScript `
+{
+ param ($rg)
+
+ $rgName = $rg.ResourceGroupName
+ $hsmName = "bezmhsm" + (New-LiveTestRandomName -Option AllNumbers)
+ $hsmLocation = 'eastus2euap'
+ $adminId = (Get-AzADUser -StartsWith Beisi).Id
+ $hsmObject = New-AzKeyVaultManagedHsm -HsmName $hsmName -ResourceGroupName $rgName -Location $hsmLocation -Administrator $adminId
+ Start-Sleep 1800
+ New-AzKeyVaultRoleAssignment -HsmName $hsmName -RoleDefinitionName "Managed HSM Crypto User" -ObjectId $adminId
+ Export-AzKeyVaultSecurityDomain -Certificates "$PSScriptRoot\sd1.cer", "$PSScriptRoot\sd2.cer", "$PSScriptRoot\sd3.cer" -Quorum 2 -OutputPath $PSScriptRoot/sd.ps.json -Name $hsmName
+ $setting = $hsmObject | Get-AzKeyVaultSetting -Name "AllowKeyManagementOperationsThroughARM"
+ $updatedSetting= $setting | Update-AzKeyVaultSetting -Value true -PassThru
+ Assert-AreEqual $updatedSetting.Value "true"
+}
diff --git a/src/KeyVault/KeyVault.Test/LiveTests/ManagedHsmDataPlaneLiveTests/sd1.cer b/src/KeyVault/KeyVault.Test/LiveTests/ManagedHsmDataPlaneLiveTests/sd1.cer
new file mode 100644
index 000000000000..bcc606af68bb
--- /dev/null
+++ b/src/KeyVault/KeyVault.Test/LiveTests/ManagedHsmDataPlaneLiveTests/sd1.cer
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDazCCAlOgAwIBAgIUIUpinRAYmz8hRNFjYhxwI745OiAwDQYJKoZIhvcNAQEL
+BQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM
+GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0yMDEwMTkwNjIyMDVaFw0yMTEw
+MTkwNjIyMDVaMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEw
+HwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwggEiMA0GCSqGSIb3DQEB
+AQUAA4IBDwAwggEKAoIBAQDs+KM6KQpgNNhA+ZwIaqV1C2UCOHrcp7IaZv5q9GnV
+3vcqXxfzLH10T7H2o4/2VNtIayNuWxV9Kmq6/7MMYL49njecqsoGIIIUmhXr2Mb7
+R6i2H6ufUc6w7W/TkSFw+ZhGEDqD2ocJn4FoKGBUY4yppIgBxGk1f/9ehJ1VjQNY
+EqrfYjLgO5HL5hZNwwxqm4TUi+ITk+bcQ1412CQuHtfogQLXIoRDOhrcd8q0zCvS
+0EXmdm0EU688K1Jc16PW/yTsC+Rxlr7Nx54ItqyQq1fI2au1Hm7dvq3EGDsqWwZ8
+flUvOzOSHx+KXHX7Gq+dAVd2ojVcy12wBbMuPApqHpefAgMBAAGjUzBRMB0GA1Ud
+DgQWBBQI8DpMP9uV3CeqJUp+Li39skEGpzAfBgNVHSMEGDAWgBQI8DpMP9uV3Ceq
+JUp+Li39skEGpzAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCh
+2c2R2REuskEc4L/A7FATW7oF7vkfdISUBwmyDjUdVpmJqYWFF58afd4wpj/qkRXa
+fbUznmqE7EIbWNjmXscA4uNXLFnPydpYuI7wq2QPkexSOb2isssOoF5E26rYL6UQ
+WV3xWVKDr+pNJc92kWm38rK7dMEHodHUOnOVJbwujS82DEYeN/LGFb+tEhJnfYH9
+mTvF6qeBiwWvkOhl9/UBBFQ21rEyVHbAE49o3o7a0LuVm6p3l7xMPVbP0QrTLZx7
+9XKTo6T/t2B2EV/D68kn9rdRtRJODOcoJD1Rk560Z4jaJocyeFSZ2EdI2UOAXwqN
+WM5V+1ufCMHCH6A9YNta
+-----END CERTIFICATE-----
diff --git a/src/KeyVault/KeyVault.Test/LiveTests/ManagedHsmDataPlaneLiveTests/sd2.cer b/src/KeyVault/KeyVault.Test/LiveTests/ManagedHsmDataPlaneLiveTests/sd2.cer
new file mode 100644
index 000000000000..59bb6a0e68db
--- /dev/null
+++ b/src/KeyVault/KeyVault.Test/LiveTests/ManagedHsmDataPlaneLiveTests/sd2.cer
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDazCCAlOgAwIBAgIUdhcv4h6Uqh0LhlCrHzMS0HirOzowDQYJKoZIhvcNAQEL
+BQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM
+GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0yMDEwMTkwNjIxNDJaFw0yMTEw
+MTkwNjIxNDJaMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEw
+HwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwggEiMA0GCSqGSIb3DQEB
+AQUAA4IBDwAwggEKAoIBAQC9HLiQac3z5yoOtWz3tZzEllri/ngtjLmArEJrBp8F
+Lixh//RtrYf3QgYhqiw/KSf0KKjstKpbddM7Vk9MdpGvo7E652Cgxa0grDtE6Tnn
+VHbmz+YWt/Uoka5CaXyrf8jmYdOKp10NYG6JKKTb2OZtgBfSADPLFR7h8t0umfAc
+w0SUVTNopAonWQ+stypUaW4drwuPhRJvbNtA9l1+XIdLkondaTd7MOrbqRMXa6p1
+PDZmwuA/SV9ckJcjt8BR4wJRd0OEFQi/2D+lvzVuhfYh4IjBDwGqI4UwP0TBvu0d
+bTYiDULmGT3e+lcaX9S8mR9C9CL38JYyUhnDEw7lNdsRAgMBAAGjUzBRMB0GA1Ud
+DgQWBBR75zgU+Tl1ZqmtUKOUwRwPz9vnOTAfBgNVHSMEGDAWgBR75zgU+Tl1Zqmt
+UKOUwRwPz9vnOTAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAm
+iQcCWThTxFf5hL9MUYv2VoJYXQKyd7Fg99aE1Qq9QjeZtouein99Td5qVp+21ypb
+y6KyXELjyf7a8LYl+Odkrx/t9e3onjjFyhEu9HxzlOkXeghJP/r2tFS4cgdkCuzB
+Y5itX1VhLgVQAx9vdHCogBdSUAcpPEXD7af8W+EUgMhpfu5pX/JKhpB3GBRKvc5Y
+64RAN9GOtjskXzktswpVBN9oQEvH6rHm1VubBHCwURLpgOuBjseqITNDBTZTmHmG
+V5M3ia8tTIr84usy/I4vg1AVvtUSdKtn6CmDVcUomxY6I5EoPHaIzwxUQuaJ5PU4
+C3HchcURKKyW3KNogqRn
+-----END CERTIFICATE-----
diff --git a/src/KeyVault/KeyVault.Test/LiveTests/ManagedHsmDataPlaneLiveTests/sd3.cer b/src/KeyVault/KeyVault.Test/LiveTests/ManagedHsmDataPlaneLiveTests/sd3.cer
new file mode 100644
index 000000000000..783a42563dc3
--- /dev/null
+++ b/src/KeyVault/KeyVault.Test/LiveTests/ManagedHsmDataPlaneLiveTests/sd3.cer
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDazCCAlOgAwIBAgIUFLLPncJi3vW3IxmcFJ94d8EdyKQwDQYJKoZIhvcNAQEL
+BQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM
+GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0yMDEwMTkwNjIxNTRaFw0yMTEw
+MTkwNjIxNTRaMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEw
+HwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwggEiMA0GCSqGSIb3DQEB
+AQUAA4IBDwAwggEKAoIBAQCd7IwTwmgOM1UrCHQlxMROCQwr99FShBjWlJepYGFr
+JeaY8Cskm4b0odX0SYAXLH4hlmpMhRejf1MJPzBO/k7qUl+iqylbm00e+3HKlINa
+ga+1BsM0FN37Ek0UWLv39uxd/O0ys8tnheBXR/2V/dBoenk16n1RVaMkojodcdb4
+tvW64t+PgRWEmvj+yUcCSA/ty1KHjb+119gUbxuDHR3AkUlm2RWzzdBCS5HLJXN3
+VJqvAclEFC76KALIiHA/tGbI5QKofdYEidruRKmWhuuNv/V/CztXZfg1fPlc5sej
+CXG1Sd2CUASo7yWuxP4Li8i6wj3UarR+43CYOtnCULv1AgMBAAGjUzBRMB0GA1Ud
+DgQWBBSnQt/wdFqeVMTKt2eoVOcvz5+nLTAfBgNVHSMEGDAWgBSnQt/wdFqeVMTK
+t2eoVOcvz5+nLTAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBH
+o3AcBaOV2sUe2LxcDiesGwP1BKC0u0gPxJ5CxiM/RfihuvuxmS5OwXBWfc/nwZ5t
+4rhYFQRlV9zt0X8tYbIaj6LtTgj18EFe7J4rsZVE4fmj+VSBYqLijcc0zkahYMNJ
+Hkh/dZG2S3bJGmZzupn4DhrhD577bAA2N88Gzf0rLnqpgK9pOFdJooZQbHm9Fs7M
+Gp9r4TJIdy9ocO6s3a62CRyiry0v6fJkcG5m3LRGxm3a5tkMWsIDdX4+hVOtfPrd
+ZExKEt73/wDsHPmNG/RouNIU8mYe+jXK6y1V4xH3xAuwVMK7jDAH0/D7AwM4eCtV
+YwxuRqXxRoG6oB1K0FCO
+-----END CERTIFICATE-----
diff --git a/src/KeyVault/KeyVault.Test/LiveTests/TestLiveScenarios.ps1 b/src/KeyVault/KeyVault.Test/LiveTests/TestLiveScenarios.ps1
index c1ca27a822ab..89623925de63 100644
--- a/src/KeyVault/KeyVault.Test/LiveTests/TestLiveScenarios.ps1
+++ b/src/KeyVault/KeyVault.Test/LiveTests/TestLiveScenarios.ps1
@@ -206,3 +206,6 @@ Invoke-LiveTestScenario -Name "Backup and restore key vault secret" -Description
Assert-AreEqual $vaultName2 $actual.VaultName
Assert-AreEqual $secretName $actual.Name
}
+
+& "$PSScriptRoot\KeyVaultDataPlaneLiveTests\TestNetworkRuleSet.ps1"
+# & "$PSScriptRoot\ManagedHsmDataPlaneLiveTests\TestSetting.ps1"
\ No newline at end of file
diff --git a/src/KeyVault/KeyVault/Az.KeyVault.psd1 b/src/KeyVault/KeyVault/Az.KeyVault.psd1
index f959d7f812e6..618ec363f050 100644
--- a/src/KeyVault/KeyVault/Az.KeyVault.psd1
+++ b/src/KeyVault/KeyVault/Az.KeyVault.psd1
@@ -131,7 +131,8 @@ CmdletsToExport = 'Add-AzKeyVaultCertificate', 'Update-AzKeyVaultCertificate',
'Undo-AzKeyVaultManagedStorageAccountRemoval',
'Add-AzKeyVaultNetworkRule', 'Update-AzKeyVaultNetworkRuleSet',
'Remove-AzKeyVaultNetworkRule', 'Export-AzKeyVaultSecurityDomain',
- 'Import-AzKeyVaultSecurityDomain'
+ 'Import-AzKeyVaultSecurityDomain',
+ 'Get-AzKeyVaultSetting', 'Update-AzKeyVaultSetting'
# Variables to export from this module
# VariablesToExport = @()
diff --git a/src/KeyVault/KeyVault/ChangeLog.md b/src/KeyVault/KeyVault/ChangeLog.md
index 6ddc285c31ce..9cde8316700b 100644
--- a/src/KeyVault/KeyVault/ChangeLog.md
+++ b/src/KeyVault/KeyVault/ChangeLog.md
@@ -18,10 +18,11 @@
- Additional information about change #1
-->
## Upcoming Release
+* Supported Setting for Managed HSM: Added `Get-AzKeyVaultSetting` and `Update-AzKeyVaultSetting`.
* Updated Azure.Core to 1.34.0.
## Version 4.10.2
-* Bug Fix: Removed depulicated IpRules from `NetworkRuleSet` and `MhsmNetworkRuleSet`. [#22472]
+* Bug Fix: Removed duplicated IpRules from `NetworkRuleSet` and `MhsmNetworkRuleSet`. [#22472]
## Version 4.10.1
* Removed maximum number for `IpAddressRange` and `VirtualNetworkResourceId` in `*-AzKeyVaultNetworkRuleSet*` from client side. [#22137]
diff --git a/src/KeyVault/KeyVault/Commands/Setting/GetAzKeyVaultSetting.cs b/src/KeyVault/KeyVault/Commands/Setting/GetAzKeyVaultSetting.cs
new file mode 100644
index 000000000000..499358426649
--- /dev/null
+++ b/src/KeyVault/KeyVault/Commands/Setting/GetAzKeyVaultSetting.cs
@@ -0,0 +1,82 @@
+using Microsoft.Azure.Commands.KeyVault.Models;
+using Microsoft.Azure.Commands.ResourceManager.Common.ArgumentCompleters;
+using Microsoft.Azure.Management.Internal.Resources.Utilities.Models;
+
+using System;
+using System.Collections.Generic;
+using System.Management.Automation;
+using System.Text;
+
+namespace Microsoft.Azure.Commands.KeyVault.Commands.Setting
+{
+ [Cmdlet("Get", ResourceManager.Common.AzureRMConstants.AzurePrefix + "KeyVaultSetting", DefaultParameterSetName = GetSettingViaFlattenParameters)]
+ [OutputType(typeof(PSKeyVaultSetting))]
+ public class GetAzKeyVaultSetting: KeyVaultCmdletBase
+ {
+ #region Parameter Set Names
+ private const string GetSettingViaFlattenParameters = "GetSettingViaFlattenParameters";
+ private const string GetSettingViaHsmObject = "GetSettingViaHsmObject";
+ private const string GetSettingViaHsmId = "GetSettingViaHsmId";
+ #endregion
+
+ #region Input Parameter Definitions
+
+ [Parameter(Mandatory = true,
+ Position = 0,
+ ParameterSetName = GetSettingViaFlattenParameters,
+ HelpMessage = "Name of the HSM.")]
+ [ResourceNameCompleter("Microsoft.KeyVault/managedHSMs", "FakeResourceGroupName")]
+ [ValidateNotNullOrEmpty]
+ public string HsmName;
+
+ [Parameter(Mandatory = true,
+ Position = 0,
+ ParameterSetName = GetSettingViaHsmObject,
+ ValueFromPipeline = true,
+ HelpMessage = "Hsm Object.")]
+ [ValidateNotNullOrEmpty]
+ public PSManagedHsm HsmObject;
+
+ [Parameter(Mandatory = true,
+ Position = 0,
+ ParameterSetName = GetSettingViaHsmId,
+ HelpMessage = "Hsm Resource Id.")]
+ [ValidateNotNullOrEmpty]
+ public string HsmId;
+
+ [Parameter(Mandatory = false,
+ Position = 1,
+ HelpMessage = "Name of the setting.")]
+ public string Name;
+
+ #endregion
+
+ public override void ExecuteCmdlet()
+ {
+ NormalizeParameterSets();
+
+ if (string.IsNullOrEmpty(Name))
+ {
+ WriteObject(this.Track2DataClient.GetManagedHsmSettings(HsmName), true);
+ }
+ else
+ {
+ WriteObject(this.Track2DataClient.GetManagedHsmSetting(HsmName, Name));
+ }
+ }
+
+ private void NormalizeParameterSets()
+ {
+ switch (ParameterSetName)
+ {
+ case GetSettingViaHsmId:
+ var parsedResourceId = new ResourceIdentifier(HsmId);
+ HsmName = parsedResourceId.ResourceName;
+ break;
+ case GetSettingViaHsmObject:
+ HsmName = HsmObject.VaultName;
+ break;
+ }
+ }
+ }
+}
diff --git a/src/KeyVault/KeyVault/Commands/Setting/UpdateAzKeyVaultSetting.cs b/src/KeyVault/KeyVault/Commands/Setting/UpdateAzKeyVaultSetting.cs
new file mode 100644
index 000000000000..98cac3956bb3
--- /dev/null
+++ b/src/KeyVault/KeyVault/Commands/Setting/UpdateAzKeyVaultSetting.cs
@@ -0,0 +1,127 @@
+using Microsoft.Azure.Commands.KeyVault.Models;
+using Microsoft.Azure.Commands.ResourceManager.Common.ArgumentCompleters;
+using Microsoft.Azure.Management.Internal.Resources.Utilities.Models;
+using Microsoft.WindowsAzure.Commands.Utilities.Common;
+
+using System;
+using System.Collections.Generic;
+using System.Management.Automation;
+using System.Text;
+
+namespace Microsoft.Azure.Commands.KeyVault.Commands.Setting
+{
+ [Cmdlet(VerbsData.Update, ResourceManager.Common.AzureRMConstants.AzurePrefix + "KeyVaultSetting", DefaultParameterSetName = UpdateSettingViaFlattenValuesParameterSet, SupportsShouldProcess = true)]
+ [OutputType(typeof(PSKeyVaultSetting))]
+ public class UpdateAzKeyVaultSetting : KeyVaultCmdletBase
+ {
+ #region Parameter Set Names
+
+ private const string UpdateSettingViaFlattenValuesParameterSet = "UpdateSettingViaFlattenValues";
+ private const string UpdateSettingViaHsmObjectParameterSet = "UpdateSettingViaHsmObject";
+ private const string UpdateSettingViaHsmIdParameterSet = "UpdateSettingViaHsmId";
+ private const string UpdateSettingViaInputObjectParameterSet = "UpdateSettingViaInputObject";
+
+ #endregion
+
+ #region Input Parameter Definitions
+
+ ///
+ /// Hsm name
+ ///
+ [Parameter(Mandatory = true,
+ Position = 0,
+ ParameterSetName = UpdateSettingViaFlattenValuesParameterSet,
+ HelpMessage = "Name of the HSM.")]
+ [Parameter(Mandatory = false, Position = 0, ParameterSetName = UpdateSettingViaInputObjectParameterSet)]
+ [ResourceNameCompleter("Microsoft.KeyVault/managedHSMs", "FakeResourceGroupName")]
+ [ValidateNotNullOrEmpty]
+ public string HsmName { get; set; }
+
+ [Parameter(Mandatory = true,
+ Position = 0,
+ ParameterSetName = UpdateSettingViaHsmObjectParameterSet,
+ ValueFromPipeline = true,
+ HelpMessage = "Hsm Object.")]
+ [ValidateNotNullOrEmpty]
+ public PSManagedHsm HsmObject;
+
+ [Parameter(Mandatory = true,
+ Position = 0,
+ ParameterSetName = UpdateSettingViaHsmIdParameterSet,
+ HelpMessage = "Hsm Resource Id.")]
+ [ValidateNotNullOrEmpty]
+ public string HsmId;
+
+ ///
+ /// Name of the setting
+ ///
+ [Parameter(Mandatory = true,
+ Position = 1,
+ ParameterSetName = UpdateSettingViaFlattenValuesParameterSet,
+ HelpMessage = "Name of the setting.")]
+ [Parameter(Mandatory = true,
+ Position = 1,
+ ParameterSetName = UpdateSettingViaHsmObjectParameterSet)]
+ [Parameter(Mandatory = true,
+ Position = 1,
+ ParameterSetName = UpdateSettingViaHsmIdParameterSet)]
+ public string Name { get; set; }
+
+ ///
+ /// Resource group name
+ ///
+ [Parameter(Mandatory = true, Position = 2, ParameterSetName = UpdateSettingViaFlattenValuesParameterSet,
+ HelpMessage = "Value of the setting.")]
+ [Parameter(Mandatory = true, Position = 2, ParameterSetName = UpdateSettingViaHsmObjectParameterSet)]
+ [Parameter(Mandatory = true, Position = 2, ParameterSetName = UpdateSettingViaHsmIdParameterSet)]
+ [Parameter(Mandatory = false, Position = 2, ParameterSetName = UpdateSettingViaInputObjectParameterSet)]
+ public string Value { get; set; }
+
+ [Parameter(Mandatory = true,
+ Position = 1,
+ ParameterSetName = UpdateSettingViaInputObjectParameterSet,
+ ValueFromPipeline = true,
+ HelpMessage = "The location of the deleted vault.")]
+ [ValidateNotNullOrEmpty()]
+ public PSKeyVaultSetting InputObject { get; set; }
+
+ [Parameter(Mandatory = false, HelpMessage = "Cmdlet does not return object by default. If this switch is specified, return Secret object.")]
+ public SwitchParameter PassThru { get; set; }
+
+ #endregion
+
+ public override void ExecuteCmdlet()
+ {
+ NormalizeParameterSets();
+ if (ShouldProcess(InputObject.Name, Properties.Resources.UpdateKeyVaultSetting)) {
+ var setting = Track2DataClient.UpdateManagedHsmSetting(InputObject);
+ if(PassThru.IsPresent) WriteObject(setting);
+ }
+ }
+
+ private void NormalizeParameterSets()
+ {
+ switch (ParameterSetName)
+ {
+ case UpdateSettingViaHsmIdParameterSet:
+ var parsedResourceId = new ResourceIdentifier(HsmId);
+ HsmName = parsedResourceId.ResourceName;
+ break;
+ case UpdateSettingViaHsmObjectParameterSet:
+ HsmName = HsmObject.VaultName;
+ break;
+ case UpdateSettingViaInputObjectParameterSet:
+ InputObject.HsmName = HsmName;
+ break;
+ }
+ if (!ParameterSetName.Equals(UpdateSettingViaInputObjectParameterSet))
+ {
+ InputObject = Track2DataClient.GetManagedHsmSetting(HsmName, Name);
+ }
+ if (this.IsParameterBound(c => c.Value))
+ {
+ InputObject.Value = this.Value;
+ }
+ }
+ }
+}
diff --git a/src/KeyVault/KeyVault/KeyVault.csproj b/src/KeyVault/KeyVault/KeyVault.csproj
index 8fee97be98a7..364e42fe696b 100644
--- a/src/KeyVault/KeyVault/KeyVault.csproj
+++ b/src/KeyVault/KeyVault/KeyVault.csproj
@@ -1,4 +1,4 @@
-
+
KeyVault
@@ -12,7 +12,7 @@
-
+
diff --git a/src/KeyVault/KeyVault/KeyVault.format.ps1xml b/src/KeyVault/KeyVault/KeyVault.format.ps1xml
index 68837e02d45d..343e3ff3275b 100644
--- a/src/KeyVault/KeyVault/KeyVault.format.ps1xml
+++ b/src/KeyVault/KeyVault/KeyVault.format.ps1xml
@@ -607,6 +607,55 @@
+
+
+ Microsoft.Azure.Commands.KeyVault.Models.PSKeyVaultSetting
+
+ Microsoft.Azure.Commands.KeyVault.Models.PSKeyVaultSetting
+
+
+
+
+ Left
+
+
+
+ Left
+
+
+
+ Left
+
+
+
+ Left
+
+
+
+
+
+
+
+ Left
+ Name
+
+
+ Left
+ Value
+
+
+ Left
+ Type
+
+
+ Left
+ HsmName
+
+
+
+
+
+
Microsoft.Azure.Commands.KeyVault.Models.PSManagedHsm
diff --git a/src/KeyVault/KeyVault/Models/IKeyVaultDataServiceClient.cs b/src/KeyVault/KeyVault/Models/IKeyVaultDataServiceClient.cs
index 6e13e202d3c3..476736b2751f 100644
--- a/src/KeyVault/KeyVault/Models/IKeyVaultDataServiceClient.cs
+++ b/src/KeyVault/KeyVault/Models/IKeyVaultDataServiceClient.cs
@@ -261,5 +261,14 @@ public interface IKeyVaultDataServiceClient
void RemoveHsmRoleAssignment(string hsmName, string scope, string roleAssignmentName);
void RemoveHsmRoleDefinition(string hsmName, string scope, string name);
#endregion
+
+ #region
+ IEnumerable GetManagedHsmSettings(string managedHsm);
+
+ PSKeyVaultSetting GetManagedHsmSetting(string managedHsm, string settingName);
+
+ PSKeyVaultSetting UpdateManagedHsmSetting(PSKeyVaultSetting psSettingParams);
+
+ #endregion
}
}
diff --git a/src/KeyVault/KeyVault/Models/KeyVaultDataServiceClient.cs b/src/KeyVault/KeyVault/Models/KeyVaultDataServiceClient.cs
index 77fa0982078c..d86e4c22ea75 100644
--- a/src/KeyVault/KeyVault/Models/KeyVaultDataServiceClient.cs
+++ b/src/KeyVault/KeyVault/Models/KeyVaultDataServiceClient.cs
@@ -2238,5 +2238,23 @@ public PSKeyRotationPolicy SetManagedHsmKeyRotationPolicy(PSKeyRotationPolicy ke
#endregion
#endregion
+
+ #region Setting
+ public IEnumerable GetManagedHsmSettings(string managedHsm)
+ {
+ throw new NotImplementedException();
+ }
+
+ public PSKeyVaultSetting GetManagedHsmSetting(string managedHsm, string settingName)
+ {
+ throw new NotImplementedException();
+ }
+
+ public PSKeyVaultSetting UpdateManagedHsmSetting(PSKeyVaultSetting psSettingParams)
+ {
+ throw new NotImplementedException();
+ }
+
+ #endregion
}
}
diff --git a/src/KeyVault/KeyVault/Models/PSKeyVaultSetting.cs b/src/KeyVault/KeyVault/Models/PSKeyVaultSetting.cs
new file mode 100644
index 000000000000..06d3019c67fb
--- /dev/null
+++ b/src/KeyVault/KeyVault/Models/PSKeyVaultSetting.cs
@@ -0,0 +1,48 @@
+using Azure.Security.KeyVault.Administration;
+
+using System;
+using System.Collections.Generic;
+using System.Text;
+
+namespace Microsoft.Azure.Commands.KeyVault.Models
+{
+ public class PSKeyVaultSetting
+ {
+ ///
+ /// The account setting to be updated.
+ ///
+ public string HsmName;
+
+ ///
+ /// The account setting to be updated.
+ ///
+ public string Name;
+
+ ///
+ /// Gets the type specifier of the value.
+ ///
+ public string Type;
+
+ ///
+ /// Gets the value of the account setting.
+ ///
+ public string Value;
+
+ public PSKeyVaultSetting() { }
+
+
+ public PSKeyVaultSetting(KeyVaultSetting keyVaultSetting, string hsmName = null)
+ {
+ if (null != keyVaultSetting)
+ {
+ Name = keyVaultSetting.Name;
+ Type = keyVaultSetting.SettingType?.ToString();
+ Value = keyVaultSetting.Value.ToString();
+ }
+ HsmName = hsmName;
+ }
+
+ public override string ToString() => $"{Name}={Value} ({Type ?? string.Empty})";
+
+ }
+}
diff --git a/src/KeyVault/KeyVault/Properties/Resources.Designer.cs b/src/KeyVault/KeyVault/Properties/Resources.Designer.cs
index 0bbff0d47e57..f697407dd935 100644
--- a/src/KeyVault/KeyVault/Properties/Resources.Designer.cs
+++ b/src/KeyVault/KeyVault/Properties/Resources.Designer.cs
@@ -1476,6 +1476,15 @@ internal static string UpdateHsmShouldProcessMessage {
}
}
+ ///
+ /// Looks up a localized string similar to Update vault setting.
+ ///
+ internal static string UpdateKeyVaultSetting {
+ get {
+ return ResourceManager.GetString("UpdateKeyVaultSetting", resourceCulture);
+ }
+ }
+
///
/// Looks up a localized string similar to Update vault network rule.
///
diff --git a/src/KeyVault/KeyVault/Properties/Resources.resx b/src/KeyVault/KeyVault/Properties/Resources.resx
index 5600421e1747..c925f124def1 100644
--- a/src/KeyVault/KeyVault/Properties/Resources.resx
+++ b/src/KeyVault/KeyVault/Properties/Resources.resx
@@ -615,4 +615,7 @@ You can find the object ID using Azure Active Directory Module for Windows Power
Fetching default CVM policy from remote failed because {0}. Trying to fetch default CVM policy from local backup copy.
+
+ Update vault setting
+
\ No newline at end of file
diff --git a/src/KeyVault/KeyVault/Track2Models/Track2HsmClient.cs b/src/KeyVault/KeyVault/Track2Models/Track2HsmClient.cs
index c8e26844e464..79e2ce41d537 100644
--- a/src/KeyVault/KeyVault/Track2Models/Track2HsmClient.cs
+++ b/src/KeyVault/KeyVault/Track2Models/Track2HsmClient.cs
@@ -15,6 +15,8 @@
using Azure.Security.KeyVault.Keys.Cryptography;
using Microsoft.WindowsAzure.Commands.Utilities.Common;
using System.Xml;
+using Microsoft.Azure.Management.WebSites.Version2016_09_01.Models;
+using Microsoft.Azure.Commands.Common.Exceptions;
namespace Microsoft.Azure.Commands.KeyVault.Track2Models
{
@@ -27,6 +29,7 @@ internal class Track2HsmClient
private KeyVaultBackupClient CreateBackupClient(string hsmName) => new KeyVaultBackupClient(_uriHelper.CreateVaultUri(hsmName), _credential);
private KeyVaultAccessControlClient CreateRbacClient(string hsmName) => new KeyVaultAccessControlClient(_uriHelper.CreateVaultUri(hsmName), _credential);
private CryptographyClient CreateCryptographyClient(string keyId) => new CryptographyClient(new Uri(keyId), _credential);
+ private KeyVaultSettingsClient CreateKeyVaultSettingsClient(string hsmName) => new KeyVaultSettingsClient(_uriHelper.CreateVaultUri(hsmName), _credential);
public Track2HsmClient(IAuthenticationFactory authFactory, IAzureContext context)
{
@@ -669,5 +672,75 @@ internal void RemoveHsmRoleDefinition(string hsmName, string scope, string roleD
client.DeleteRoleDefinitionAsync(new KeyVaultRoleScope(scope), Guid.Parse(roleDefinitionName)).ConfigureAwait(false).GetAwaiter().GetResult();
}
#endregion
+
+ #region Setting
+ ///
+ ///
+ ///
+ ///
+ /// The name of the account setting
+ ///
+ ///
+ internal PSKeyVaultSetting GetSetting(string managedHsmName, string settingName)
+ {
+ if (string.IsNullOrEmpty(managedHsmName))
+ throw new ArgumentNullException("managedHsmName");
+ if (string.IsNullOrEmpty(settingName))
+ throw new ArgumentNullException("settingName");
+
+ var client = CreateKeyVaultSettingsClient(managedHsmName);
+ try
+ {
+ return new PSKeyVaultSetting(client.GetSetting(settingName), managedHsmName);
+ }
+ catch (Exception ex)
+ {
+ throw GetInnerException(ex);
+ }
+ }
+
+ internal IEnumerable GetSettings(string managedHsmName)
+ {
+ if (string.IsNullOrEmpty(managedHsmName))
+ throw new ArgumentNullException("managedHsmName");
+ var client = CreateKeyVaultSettingsClient(managedHsmName);
+ try
+ {
+ GetSettingsResult result = client.GetSettings();
+ return null == result ? new List() :
+ result.Settings?.Select(s => new PSKeyVaultSetting(s, managedHsmName));
+ }
+ catch (Exception ex)
+ {
+ throw GetInnerException(ex);
+ }
+ }
+
+ internal PSKeyVaultSetting UpdateSetting(PSKeyVaultSetting psSettingParams)
+ {
+ if (string.IsNullOrEmpty(psSettingParams?.HsmName))
+ throw new ArgumentNullException("managedHsmName");
+ if (null == psSettingParams?.Value)
+ throw new ArgumentNullException("settingValue");
+
+ var client = CreateKeyVaultSettingsClient(psSettingParams.HsmName);
+ try
+ {
+ if (bool.TryParse(psSettingParams.Value, out var result))
+ {
+ return new PSKeyVaultSetting(client.UpdateSetting(new KeyVaultSetting(psSettingParams.Name, result)), psSettingParams.HsmName);
+ }
+ else
+ {
+ throw new AzPSArgumentException("Only supports updating KeyVaultSetting.Value as boolean", "KeyVaultSettingValue");
+ }
+
+ }
+ catch (Exception ex)
+ {
+ throw GetInnerException(ex);
+ }
+ }
+ #endregion
}
}
diff --git a/src/KeyVault/KeyVault/Track2Models/Track2KeyVaultDataServiceClient.cs b/src/KeyVault/KeyVault/Track2Models/Track2KeyVaultDataServiceClient.cs
index cb4fe26e63d2..714d21a65a76 100644
--- a/src/KeyVault/KeyVault/Track2Models/Track2KeyVaultDataServiceClient.cs
+++ b/src/KeyVault/KeyVault/Track2Models/Track2KeyVaultDataServiceClient.cs
@@ -621,5 +621,22 @@ public PSKeyRotationPolicy SetManagedHsmKeyRotationPolicy(PSKeyRotationPolicy ke
}
#endregion
+ #region Setting
+ public IEnumerable GetManagedHsmSettings(string managedHsm)
+ {
+ return HsmClient.GetSettings(managedHsm);
+ }
+
+ public PSKeyVaultSetting GetManagedHsmSetting(string managedHsm, string settingName)
+ {
+ return HsmClient.GetSetting(managedHsm, settingName);
+ }
+
+ public PSKeyVaultSetting UpdateManagedHsmSetting(PSKeyVaultSetting psSettingParams)
+ {
+ return HsmClient.UpdateSetting(psSettingParams);
+ }
+ #endregion
+
}
}
\ No newline at end of file
diff --git a/src/KeyVault/KeyVault/help/Az.KeyVault.md b/src/KeyVault/KeyVault/help/Az.KeyVault.md
index 5e37166d1356..479a0aa11e77 100644
--- a/src/KeyVault/KeyVault/help/Az.KeyVault.md
+++ b/src/KeyVault/KeyVault/help/Az.KeyVault.md
@@ -65,6 +65,9 @@ Gets the policy for a certificate in a key vault.
### [Get-AzKeyVaultKey](Get-AzKeyVaultKey.md)
Gets Key Vault keys. Please notes that detailed information about a key, like key type or key size, only available when querying a specific key version.
+### [Get-AzKeyVaultKeyRotationPolicy](Get-AzKeyVaultKeyRotationPolicy.md)
+Gets the key rotation policy for the specified key in Key Vault.
+
### [Get-AzKeyVaultManagedHsm](Get-AzKeyVaultManagedHsm.md)
Get managed HSMs.
@@ -74,6 +77,9 @@ Gets Key Vault managed Azure Storage Accounts.
### [Get-AzKeyVaultManagedStorageSasDefinition](Get-AzKeyVaultManagedStorageSasDefinition.md)
Gets Key Vault managed Storage SAS Definitions.
+### [Get-AzKeyVaultRandomNumber](Get-AzKeyVaultRandomNumber.md)
+Get the requested number of bytes containing random values from a managed HSM.
+
### [Get-AzKeyVaultRoleAssignment](Get-AzKeyVaultRoleAssignment.md)
Get or list role assignments of a managed HSM. Use respective parameters to list assignments to a specific user or a role definition.
@@ -92,6 +98,9 @@ Imports previously exported security domain data to a managed HSM.
### [Invoke-AzKeyVaultKeyOperation](Invoke-AzKeyVaultKeyOperation.md)
Performs operation like "Encrypt", "Decrypt", "Wrap" or "Unwrap" using a specified key stored in a key vault or managed hsm.
+### [Invoke-AzKeyVaultKeyRotation](Invoke-AzKeyVaultKeyRotation.md)
+Creates a new key version in Key Vault, stores it, then returns the new key.
+
### [New-AzKeyVault](New-AzKeyVault.md)
Creates a key vault.
@@ -138,7 +147,7 @@ Deletes a certificate operation from a key vault.
Deletes a key in a key vault.
### [Remove-AzKeyVaultManagedHsm](Remove-AzKeyVaultManagedHsm.md)
-Deletes a managed HSM.
+Deletes/Purges a managed HSM.
### [Remove-AzKeyVaultManagedStorageAccount](Remove-AzKeyVaultManagedStorageAccount.md)
Removes a Key Vault managed Azure Storage Account and all associated SAS definitions.
@@ -182,6 +191,9 @@ Sets a certificate issuer in a key vault.
### [Set-AzKeyVaultCertificatePolicy](Set-AzKeyVaultCertificatePolicy.md)
Creates or updates the policy for a certificate in a key vault.
+### [Set-AzKeyVaultKeyRotationPolicy](Set-AzKeyVaultKeyRotationPolicy.md)
+Sets the key rotation policy for the specified key in Key Vault.
+
### [Set-AzKeyVaultManagedStorageSasDefinition](Set-AzKeyVaultManagedStorageSasDefinition.md)
Sets a Shared Access Signature (SAS) definition with Key Vault for a given Key Vault managed Azure Storage Account.
@@ -197,6 +209,9 @@ Recovers a deleted certificate in a key vault into an active state.
### [Undo-AzKeyVaultKeyRemoval](Undo-AzKeyVaultKeyRemoval.md)
Recovers a deleted key in a key vault into an active state.
+### [Undo-AzKeyVaultManagedHsmRemoval](Undo-AzKeyVaultManagedHsmRemoval.md)
+Recover a managed HSM.
+
### [Undo-AzKeyVaultManagedStorageAccountRemoval](Undo-AzKeyVaultManagedStorageAccountRemoval.md)
Recovers a previously deleted KeyVault-managed storage account.
@@ -206,9 +221,6 @@ Recovers a previously deleted KeyVault-managed storage SAS definition.
### [Undo-AzKeyVaultRemoval](Undo-AzKeyVaultRemoval.md)
Recovers a deleted key vault into an active state.
-### [Undo-AzKeyVaultManagedHsmRemoval](./Undo-AzKeyVaultManagedHsmRemoval.md)
-Recovers a deleted HSM into an active state.
-
### [Undo-AzKeyVaultSecretRemoval](Undo-AzKeyVaultSecretRemoval.md)
Recovers a deleted secret in a key vault into an active state.
diff --git a/src/KeyVault/KeyVault/help/Get-AzKeyVaultCertificate.md b/src/KeyVault/KeyVault/help/Get-AzKeyVaultCertificate.md
index 5625896a9a12..a5b00e3e5ac7 100644
--- a/src/KeyVault/KeyVault/help/Get-AzKeyVaultCertificate.md
+++ b/src/KeyVault/KeyVault/help/Get-AzKeyVaultCertificate.md
@@ -224,8 +224,8 @@ Name : test2
Version :
Id : https://ContosoKV01.vault.azure.net:443/certificates/test2
```
-This command gets all certificates starting with "test" from the key vault named ContosoKV01.
+This command gets all certificates starting with "test" from the key vault named ContosoKV01.
## PARAMETERS
diff --git a/src/KeyVault/KeyVault/help/Get-AzKeyVaultManagedHsm.md b/src/KeyVault/KeyVault/help/Get-AzKeyVaultManagedHsm.md
index 7782df781fd1..8c0fd08fa086 100644
--- a/src/KeyVault/KeyVault/help/Get-AzKeyVaultManagedHsm.md
+++ b/src/KeyVault/KeyVault/help/Get-AzKeyVaultManagedHsm.md
@@ -12,7 +12,7 @@ Get managed HSMs.
## SYNTAX
-### GetManagedHsm
+### GetManagedHsm (Default)
```
Get-AzKeyVaultManagedHsm [[-Name] ] [[-ResourceGroupName] ] [-Tag ]
[-DefaultProfile ] [-SubscriptionId ] []
@@ -95,6 +95,7 @@ This command gets all managed HSMs in the subscription that start with "myhsm".
```powershell
Get-AzKeyVaultManagedHsm -InRemovedState
```
+
```output
Name Location DeletionDate ScheduledPurgeDate Purge Protection Enabled?
---- -------- ------------ ------------------ -------------------------
diff --git a/src/KeyVault/KeyVault/help/Get-AzKeyVaultSecret.md b/src/KeyVault/KeyVault/help/Get-AzKeyVaultSecret.md
index 03fd787d636a..f328b06658ca 100644
--- a/src/KeyVault/KeyVault/help/Get-AzKeyVaultSecret.md
+++ b/src/KeyVault/KeyVault/help/Get-AzKeyVaultSecret.md
@@ -291,7 +291,7 @@ Register-SecretVault -Name AzKeyVault -ModuleName Az.KeyVault -VaultParameters @
# Set secret for vault AzKeyVault
$secure = ConvertTo-SecureString -String "Password" -AsPlainText -Force
Set-Secret -Vault AzKeyVault -Name secureSecret -SecureStringSecret $secure
-Get-Secret -Vault AzKeyVault -Name secureSecret -AsPlainText
+Get-Secret -Vault AzKeyVault -Name secureSecret -AsPlainText
```
```output
diff --git a/src/KeyVault/KeyVault/help/Get-AzKeyVaultSetting.md b/src/KeyVault/KeyVault/help/Get-AzKeyVaultSetting.md
new file mode 100644
index 000000000000..a33d5ed616b1
--- /dev/null
+++ b/src/KeyVault/KeyVault/help/Get-AzKeyVaultSetting.md
@@ -0,0 +1,203 @@
+---
+external help file: Microsoft.Azure.PowerShell.Cmdlets.KeyVault.dll-Help.xml
+Module Name: Az.KeyVault
+online version: https://learn.microsoft.com/powershell/module/az.keyvault/get-azkeyvaultsetting
+schema: 2.0.0
+---
+
+# Get-AzKeyVaultSetting
+
+## SYNOPSIS
+Retrieves a specified key vault account setting or all available key vault account settings that can be configured.
+
+## SYNTAX
+
+### GetSettingViaFlattenParameters (Default)
+```
+Get-AzKeyVaultSetting [-DefaultProfile ] [-HsmName] [[-Name] ]
+ []
+```
+
+### GetSettingViaHsmObject
+```
+Get-AzKeyVaultSetting [-DefaultProfile ] [-HsmObject] [[-Name] ]
+ []
+```
+
+### GetSettingViaHsmId
+```
+Get-AzKeyVaultSetting [-DefaultProfile ] [-HsmId] [[-Name] ]
+ []
+```
+
+## DESCRIPTION
+The **Get-AzKeyVaultSetting** cmdlet gets key vault account settings.
+This cmdlet gets a specific key vault account setting or all key vault account settings.
+
+## EXAMPLES
+
+### Example 1: Get all account settings in a Managed HSM
+```powershell
+Get-AzKeyVaultSetting -HsmName testmhsm
+```
+```output
+Name Value Type HSM Name
+---- ----- ---- --------
+AllowKeyManagementOperationsThroughARM false boolean testmhsm
+```
+
+This cmdlet gets all account settings in a Managed HSM named `testmhsm`.
+
+### Example 2: Get a specific key vault account setting in a Managed HSM
+```powershell
+Get-AzKeyVaultSetting -HsmName testmhsm -Name AllowKeyManagementOperationsThroughARM
+```
+```output
+Name Value Type HSM Name
+---- ----- ---- --------
+AllowKeyManagementOperationsThroughARM false boolean testmhsm
+```
+
+This cmdlet gets a specific key vault account setting named `AllowKeyManagementOperationsThroughARM` in a Managed HSM named `testmhsm`.
+
+### Example 3: Get a specific key vault account setting in a Managed HSM via HsmObject
+```powershell
+$hsmObject = Get-AzKeyVaultManagedHsm -Name testmhsm
+Get-AzKeyVaultSetting -HsmObject $hsmObject -Name AllowKeyManagementOperationsThroughARM
+```
+```output
+Name Value Type HSM Name
+---- ----- ---- --------
+AllowKeyManagementOperationsThroughARM false boolean testmhsm
+```
+
+This cmdlet gets a specific key vault account setting named `AllowKeyManagementOperationsThroughARM` in a Managed HSM named `testmhsm` via HsmObject.
+
+### Example 4: Get a specific key vault account setting in a Managed HSM by piping HsmObject
+```powershell
+Get-AzKeyVaultManagedHsm -Name testmhsm | Get-AzKeyVaultSetting -Name AllowKeyManagementOperationsThroughARM
+```
+```output
+Name Value Type HSM Name
+---- ----- ---- --------
+AllowKeyManagementOperationsThroughARM false boolean testmhsm
+```
+
+This cmdlet gets a specific key vault account setting named `AllowKeyManagementOperationsThroughARM` in a Managed HSM named `testmhsm` via HsmObject.
+
+### Example 4: Get a specific key vault account setting in a Managed HSM by piping HsmObject
+```powershell
+Get-AzKeyVaultManagedHsm -Name testmhsm | Get-AzKeyVaultSetting -Name AllowKeyManagementOperationsThroughARM
+```
+```output
+Name Value Type HSM Name
+---- ----- ---- --------
+AllowKeyManagementOperationsThroughARM false boolean testmhsm
+```
+
+This cmdlet gets a specific key vault account setting named `AllowKeyManagementOperationsThroughARM` in a Managed HSM named `testmhsm` by piping HsmObject.
+
+### Example 5: Get a specific key vault account setting in a Managed HSM via HsmId
+```powershell
+Get-AzKeyVaultSetting -HsmId /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/test-rg/providers/Microsoft.KeyVault/managedHSMs/testmhsm -Name AllowKeyManagementOperationsThroughARM
+```
+```output
+Name Value Type HSM Name
+---- ----- ---- --------
+AllowKeyManagementOperationsThroughARM false boolean testmhsm
+```
+
+This cmdlet gets a specific key vault account setting named `AllowKeyManagementOperationsThroughARM` in a Managed HSM named `testmhsm` via HsmId.
+
+## PARAMETERS
+
+### -DefaultProfile
+The credentials, account, tenant, and subscription used for communication with Azure.
+
+```yaml
+Type: Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer
+Parameter Sets: (All)
+Aliases: AzContext, AzureRmContext, AzureCredential
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -HsmId
+Hsm Resource Id.
+
+```yaml
+Type: System.String
+Parameter Sets: GetSettingViaHsmId
+Aliases:
+
+Required: True
+Position: 0
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -HsmName
+Name of the HSM.
+
+```yaml
+Type: System.String
+Parameter Sets: GetSettingViaFlattenParameters
+Aliases:
+
+Required: True
+Position: 0
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -HsmObject
+Hsm Object.
+
+```yaml
+Type: Microsoft.Azure.Commands.KeyVault.Models.PSManagedHsm
+Parameter Sets: GetSettingViaHsmObject
+Aliases:
+
+Required: True
+Position: 0
+Default value: None
+Accept pipeline input: True (ByValue)
+Accept wildcard characters: False
+```
+
+### -Name
+Name of the setting.
+
+```yaml
+Type: System.String
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: 1
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### CommonParameters
+This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216).
+
+## INPUTS
+
+### Microsoft.Azure.Commands.KeyVault.Models.PSManagedHsm
+
+## OUTPUTS
+
+### Microsoft.Azure.Commands.KeyVault.Models.PSKeyVaultSetting
+
+## NOTES
+
+## RELATED LINKS
+[Update-AzKeyVaultSetting](./Update-AzKeyVaultSetting.md)
\ No newline at end of file
diff --git a/src/KeyVault/KeyVault/help/New-AzKeyVault.md b/src/KeyVault/KeyVault/help/New-AzKeyVault.md
index 546b79b05e52..c20c289415bb 100644
--- a/src/KeyVault/KeyVault/help/New-AzKeyVault.md
+++ b/src/KeyVault/KeyVault/help/New-AzKeyVault.md
@@ -164,6 +164,7 @@ Network Rule Set :
Tags :
```
+
Creating a key vault and specifies network rules to allow access to the specified IP address from the virtual network identified by $myNetworkResId. See `New-AzKeyVaultNetworkRuleSetObject` for more information.
## PARAMETERS
diff --git a/src/KeyVault/KeyVault/help/Remove-AzKeyVaultSecret.md b/src/KeyVault/KeyVault/help/Remove-AzKeyVaultSecret.md
index 98cefca38ed6..de521737e47e 100644
--- a/src/KeyVault/KeyVault/help/Remove-AzKeyVaultSecret.md
+++ b/src/KeyVault/KeyVault/help/Remove-AzKeyVaultSecret.md
@@ -96,7 +96,6 @@ None
This example removes a secret named `secureSecret` in Azure Key Vault `test-kv` by command `Remove-Secret` in module `Microsoft.PowerShell.SecretManagement`.
-
### Example 4: Purge deleted secret from the key vault permanently
```powershell
Remove-AzKeyVaultSecret -VaultName 'Contoso' -Name 'FinanceSecret' -InRemovedState
diff --git a/src/KeyVault/KeyVault/help/Set-AzKeyVaultKeyRotationPolicy.md b/src/KeyVault/KeyVault/help/Set-AzKeyVaultKeyRotationPolicy.md
index 10a81cbe2974..5a7105feddee 100644
--- a/src/KeyVault/KeyVault/help/Set-AzKeyVaultKeyRotationPolicy.md
+++ b/src/KeyVault/KeyVault/help/Set-AzKeyVaultKeyRotationPolicy.md
@@ -88,7 +88,7 @@ KeyName : test-keyAM +00:00
LifetimeActions : {[Action: Notify, TimeAfterCreate: , TimeBeforeExpiry: P30D]}
ExpiresIn : P2Y
CreatedOn : 12/10/2021 3:21:51 AM +00:00
-UpdatedOn : 6/9/2022 7:43:27
+UpdatedOn : 6/9/2022 7:43:27
```
These commands set the rotation policy of key `test-key` by JSON file.
@@ -105,7 +105,7 @@ KeyName : test-keyAM +00:00
LifetimeActions : {[Action: Notify, TimeAfterCreate: , TimeBeforeExpiry: P30D]}
ExpiresIn : P2Y
CreatedOn : 12/10/2021 3:21:51 AM +00:00
-UpdatedOn : 6/9/2022 7:43:27
+UpdatedOn : 6/9/2022 7:43:27
```
These commands set the expiry time will be applied on the new key version of `test-key` as 2 years.
@@ -132,7 +132,7 @@ These commands set the duration before expiry to attempt to rotate `test-key` as
```powershell
$policy = Get-AzKeyVaultKeyRotationPolicy -VaultName test-kv -Name test-key1
$policy.KeyName = "test-key2"
-$policy | Set-AzKeyVaultKeyRotationPolicy
+$policy | Set-AzKeyVaultKeyRotationPolicy
```
```output
diff --git a/src/KeyVault/KeyVault/help/Update-AzKeyVaultSetting.md b/src/KeyVault/KeyVault/help/Update-AzKeyVaultSetting.md
new file mode 100644
index 000000000000..04a3f1811b8e
--- /dev/null
+++ b/src/KeyVault/KeyVault/help/Update-AzKeyVaultSetting.md
@@ -0,0 +1,295 @@
+---
+external help file: Microsoft.Azure.PowerShell.Cmdlets.KeyVault.dll-Help.xml
+Module Name: Az.KeyVault
+online version: https://learn.microsoft.com/powershell/module/az.keyvault/update-azkeyvaultsetting
+schema: 2.0.0
+---
+
+# Update-AzKeyVaultSetting
+
+## SYNOPSIS
+Update specific setting associated with the managed HSM.
+
+## SYNTAX
+
+### UpdateSettingViaFlattenValues (Default)
+```
+Update-AzKeyVaultSetting [-HsmName] [-Name] [-Value] [-PassThru]
+ [-DefaultProfile ] [-WhatIf] [-Confirm] []
+```
+
+### UpdateSettingViaInputObject
+```
+Update-AzKeyVaultSetting [[-HsmName] ] [[-Value] ] [-InputObject]
+ [-PassThru] [-DefaultProfile ] [-WhatIf] [-Confirm] []
+```
+
+### UpdateSettingViaHsmObject
+```
+Update-AzKeyVaultSetting [-Name] [-Value] [-PassThru]
+ [-DefaultProfile ] [-HsmObject] [-WhatIf] [-Confirm]
+ []
+```
+
+### UpdateSettingViaHsmId
+```
+Update-AzKeyVaultSetting [-Name] [-Value] [-PassThru]
+ [-DefaultProfile ] [-HsmId] [-WhatIf] [-Confirm] []
+```
+
+## DESCRIPTION
+The **Update-AzKeyVaultSetting** cmdlet updates key vault account settings.
+This cmdlet updates a specific key vault account setting.
+
+## EXAMPLES
+
+### Example 1: Update a specific key vault account setting
+```powershell
+Update-AzKeyVaultSetting -HsmName testmhsm -Name AllowKeyManagementOperationsThroughARM -Value true -PassThru
+```
+
+```output
+Name Value Type HSM Name
+---- ----- ---- --------
+AllowKeyManagementOperationsThroughARM true boolean testmhsm
+```
+
+Update a specific key vault account setting named `AllowKeyManagementOperationsThroughARM` in a Managed Hsm named `testmhsm`.
+
+### Example 2: Update a specific key vault account setting same as another account setting
+```powershell
+$setting = Get-AzKeyVaultSetting -HsmName testmhsm1 -Name AllowKeyManagementOperationsThroughARM
+$setting | Update-AzKeyVaultSetting -HsmName testmhsm2 -PassThru
+```
+
+```output
+Name Value Type HSM Name
+---- ----- ---- --------
+AllowKeyManagementOperationsThroughARM true boolean testmhsm2
+```
+
+Update a specific key vault account setting named `AllowKeyManagementOperationsThroughARM` in a Managed Hsm named `testmhsm2` same with `testmhsm1`.
+
+### Example 3: Update a specific key vault account setting via HsmObject
+
+```powershell
+$hsmObject = Get-AzKeyVaultManagedHsm -Name testmhsm
+Update-AzKeyVaultSetting -HsmObject $hsmObject -Name AllowKeyManagementOperationsThroughARM -Value true -PassThru
+```
+
+```output
+Name Value Type HSM Name
+---- ----- ---- --------
+AllowKeyManagementOperationsThroughARM true boolean testmhsm
+```
+
+Update a specific key vault account setting named `AllowKeyManagementOperationsThroughARM` in a Managed Hsm named `testmhsm` via HsmObject.
+
+### Example 4: Update a specific key vault account setting via HsmId
+
+```powershell
+$hsmObject = Get-AzKeyVaultManagedHsm -Name testmhsm
+Update-AzKeyVaultSetting -HsmId /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/test-rg/providers/Microsoft.KeyVault/managedHSMs/testmhsm-Name AllowKeyManagementOperationsThroughARM -Value true -PassThru
+```
+
+```output
+Name Value Type HSM Name
+---- ----- ---- --------
+AllowKeyManagementOperationsThroughARM true boolean testmhsm
+```
+
+Update a specific key vault account setting named `AllowKeyManagementOperationsThroughARM` in a Managed Hsm named `testmhsm` via HsmObject.
+
+## PARAMETERS
+
+### -DefaultProfile
+The credentials, account, tenant, and subscription used for communication with Azure.
+
+```yaml
+Type: Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer
+Parameter Sets: (All)
+Aliases: AzContext, AzureRmContext, AzureCredential
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -HsmId
+Hsm Resource Id.
+
+```yaml
+Type: System.String
+Parameter Sets: UpdateSettingViaHsmId
+Aliases:
+
+Required: True
+Position: 0
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -HsmName
+Name of the HSM.
+
+```yaml
+Type: System.String
+Parameter Sets: UpdateSettingViaFlattenValues
+Aliases:
+
+Required: True
+Position: 0
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+```yaml
+Type: System.String
+Parameter Sets: UpdateSettingViaInputObject
+Aliases:
+
+Required: False
+Position: 0
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -HsmObject
+Hsm Object.
+
+```yaml
+Type: Microsoft.Azure.Commands.KeyVault.Models.PSManagedHsm
+Parameter Sets: UpdateSettingViaHsmObject
+Aliases:
+
+Required: True
+Position: 0
+Default value: None
+Accept pipeline input: True (ByValue)
+Accept wildcard characters: False
+```
+
+### -InputObject
+The location of the deleted vault.
+
+```yaml
+Type: Microsoft.Azure.Commands.KeyVault.Models.PSKeyVaultSetting
+Parameter Sets: UpdateSettingViaInputObject
+Aliases:
+
+Required: True
+Position: 1
+Default value: None
+Accept pipeline input: True (ByValue)
+Accept wildcard characters: False
+```
+
+### -Name
+Name of the setting.
+
+```yaml
+Type: System.String
+Parameter Sets: UpdateSettingViaFlattenValues, UpdateSettingViaHsmObject, UpdateSettingViaHsmId
+Aliases:
+
+Required: True
+Position: 1
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -PassThru
+Cmdlet does not return object by default. If this switch is specified, return Secret object.
+
+```yaml
+Type: System.Management.Automation.SwitchParameter
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -Value
+Value of the setting.
+
+```yaml
+Type: System.String
+Parameter Sets: UpdateSettingViaFlattenValues, UpdateSettingViaHsmObject, UpdateSettingViaHsmId
+Aliases:
+
+Required: True
+Position: 2
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+```yaml
+Type: System.String
+Parameter Sets: UpdateSettingViaInputObject
+Aliases:
+
+Required: False
+Position: 2
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -Confirm
+Prompts you for confirmation before running the cmdlet.
+
+```yaml
+Type: System.Management.Automation.SwitchParameter
+Parameter Sets: (All)
+Aliases: cf
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -WhatIf
+Shows what would happen if the cmdlet runs. The cmdlet is not run.
+
+```yaml
+Type: System.Management.Automation.SwitchParameter
+Parameter Sets: (All)
+Aliases: wi
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### CommonParameters
+This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216).
+
+## INPUTS
+
+### Microsoft.Azure.Commands.KeyVault.Models.PSKeyVaultSetting
+
+### Microsoft.Azure.Commands.KeyVault.Models.PSManagedHsm
+
+## OUTPUTS
+
+### Microsoft.Azure.Commands.KeyVault.Models.PSKeyVaultSetting
+
+## NOTES
+
+## RELATED LINKS
+[Get-AzKeyVaultSetting](./Get-AzKeyVaultSetting.md)
\ No newline at end of file