0
# Vault Configuration
1
2
Management of Recovery Services vault settings including storage configuration, encryption settings, and vault-level policies. Provides comprehensive vault administration capabilities for backup infrastructure management, security configuration, and operational settings.
3
4
## Capabilities
5
6
### Vault Configuration Management
7
8
Core operations for managing Recovery Services vault configurations and settings.
9
10
```python { .api }
11
class BackupResourceVaultConfigsOperations:
12
def get(self, resource_group_name: str, vault_name: str, **kwargs) -> BackupResourceVaultConfigResource:
13
"""
14
Get Recovery Services vault configuration.
15
16
Parameters:
17
- resource_group_name: Resource group containing the vault
18
- vault_name: Recovery Services vault name
19
- kwargs: Additional options
20
21
Returns:
22
BackupResourceVaultConfigResource with vault configuration
23
"""
24
25
def update(
26
self,
27
resource_group_name: str,
28
vault_name: str,
29
parameters: BackupResourceVaultConfigResource,
30
**kwargs
31
) -> BackupResourceVaultConfigResource:
32
"""
33
Update Recovery Services vault configuration.
34
35
Parameters:
36
- resource_group_name: Resource group containing the vault
37
- vault_name: Recovery Services vault name
38
- parameters: Updated vault configuration
39
- kwargs: Additional options
40
41
Returns:
42
Updated BackupResourceVaultConfigResource
43
"""
44
```
45
46
Usage example:
47
48
```python
49
# Get current vault configuration
50
vault_config = client.backup_resource_vault_configs.get("my-rg", "my-vault")
51
print(f"Storage Type: {vault_config.properties.storage_model_type}")
52
print(f"Soft Delete Enabled: {vault_config.properties.soft_delete_feature_state}")
53
54
# Update vault configuration
55
from azure.mgmt.recoveryservicesbackup.activestamp.models import (
56
BackupResourceVaultConfigResource,
57
BackupResourceVaultConfig
58
)
59
60
updated_config = BackupResourceVaultConfigResource(
61
properties=BackupResourceVaultConfig(
62
storage_model_type="GeoRedundant",
63
cross_region_restore_flag=True,
64
soft_delete_feature_state="Enabled",
65
soft_delete_retention_period_in_days=14,
66
resource_guard_operation_requests=[],
67
is_soft_delete_feature_state_enabled=True
68
)
69
)
70
71
result = client.backup_resource_vault_configs.update("my-rg", "my-vault", updated_config)
72
print("Vault configuration updated successfully")
73
```
74
75
### Storage Configuration Management
76
77
Operations for managing vault storage settings including redundancy and cross-region restore capabilities.
78
79
```python { .api }
80
class BackupResourceStorageConfigsOperations:
81
def get(self, resource_group_name: str, vault_name: str, **kwargs) -> BackupResourceStorageConfigResource:
82
"""
83
Get vault storage configuration.
84
85
Parameters:
86
- resource_group_name: Resource group containing the vault
87
- vault_name: Recovery Services vault name
88
- kwargs: Additional options
89
90
Returns:
91
BackupResourceStorageConfigResource with storage configuration
92
"""
93
94
def update(
95
self,
96
resource_group_name: str,
97
vault_name: str,
98
parameters: BackupResourceStorageConfigResource,
99
**kwargs
100
) -> None:
101
"""
102
Update vault storage configuration.
103
104
Parameters:
105
- resource_group_name: Resource group containing the vault
106
- vault_name: Recovery Services vault name
107
- parameters: Updated storage configuration
108
- kwargs: Additional options
109
"""
110
111
def patch(
112
self,
113
resource_group_name: str,
114
vault_name: str,
115
parameters: BackupResourceStorageConfigResource,
116
**kwargs
117
) -> None:
118
"""
119
Partially update vault storage configuration.
120
121
Parameters:
122
- resource_group_name: Resource group containing the vault
123
- vault_name: Recovery Services vault name
124
- parameters: Storage configuration updates
125
- kwargs: Additional options
126
"""
127
128
class BackupResourceStorageConfigsNonCRROperations:
129
def get(self, resource_group_name: str, vault_name: str, **kwargs) -> BackupResourceStorageConfigResource:
130
"""Get storage configuration for non-CRR scenarios."""
131
132
def update(
133
self,
134
resource_group_name: str,
135
vault_name: str,
136
parameters: BackupResourceStorageConfigResource,
137
**kwargs
138
) -> None:
139
"""Update storage configuration for non-CRR scenarios."""
140
141
def patch(
142
self,
143
resource_group_name: str,
144
vault_name: str,
145
parameters: BackupResourceStorageConfigResource,
146
**kwargs
147
) -> None:
148
"""Partially update storage configuration for non-CRR scenarios."""
149
```
150
151
Usage example:
152
153
```python
154
# Get storage configuration
155
storage_config = client.backup_resource_storage_configs.get("my-rg", "my-vault")
156
print(f"Storage Type: {storage_config.properties.storage_type}")
157
print(f"Cross Region Restore: {storage_config.properties.cross_region_restore_flag}")
158
159
# Update to Geo-Redundant storage with CRR
160
from azure.mgmt.recoveryservicesbackup.activestamp.models import (
161
BackupResourceStorageConfigResource,
162
BackupResourceStorageConfig
163
)
164
165
new_storage_config = BackupResourceStorageConfigResource(
166
properties=BackupResourceStorageConfig(
167
storage_type="GeoRedundant",
168
cross_region_restore_flag=True,
169
storage_type_state="Locked"
170
)
171
)
172
173
client.backup_resource_storage_configs.update("my-rg", "my-vault", new_storage_config)
174
print("Storage configuration updated")
175
```
176
177
### Encryption Configuration
178
179
Management of backup data encryption settings and configurations.
180
181
```python { .api }
182
class BackupResourceEncryptionConfigsOperations:
183
def get(self, resource_group_name: str, vault_name: str, **kwargs) -> BackupResourceEncryptionConfigResource:
184
"""
185
Get backup encryption configuration.
186
187
Parameters:
188
- resource_group_name: Resource group containing the vault
189
- vault_name: Recovery Services vault name
190
- kwargs: Additional options
191
192
Returns:
193
BackupResourceEncryptionConfigResource with encryption configuration
194
"""
195
196
def update(
197
self,
198
resource_group_name: str,
199
vault_name: str,
200
parameters: BackupResourceEncryptionConfigResource,
201
**kwargs
202
) -> BackupResourceEncryptionConfigResource:
203
"""
204
Update backup encryption configuration.
205
206
Parameters:
207
- resource_group_name: Resource group containing the vault
208
- vault_name: Recovery Services vault name
209
- parameters: Updated encryption configuration
210
- kwargs: Additional options
211
212
Returns:
213
Updated BackupResourceEncryptionConfigResource
214
"""
215
```
216
217
Usage example:
218
219
```python
220
# Get encryption configuration
221
encryption_config = client.backup_resource_encryption_configs.get("my-rg", "my-vault")
222
print(f"Encryption State: {encryption_config.properties.encryption_at_rest_type}")
223
print(f"Key URI: {encryption_config.properties.key_uri}")
224
225
# Enable customer-managed key encryption
226
from azure.mgmt.recoveryservicesbackup.activestamp.models import (
227
BackupResourceEncryptionConfigResource,
228
BackupResourceEncryptionConfig
229
)
230
231
new_encryption_config = BackupResourceEncryptionConfigResource(
232
properties=BackupResourceEncryptionConfig(
233
encryption_at_rest_type="CustomerManaged",
234
key_uri="https://myvault.vault.azure.net/keys/mykey",
235
subscription_id=subscription_id,
236
last_update_status="Succeeded",
237
infrastructure_encryption="Enabled"
238
)
239
)
240
241
result = client.backup_resource_encryption_configs.update("my-rg", "my-vault", new_encryption_config)
242
print("Encryption configuration updated")
243
```
244
245
## Configuration Types
246
247
### Backup Resource Vault Config
248
249
Core vault configuration settings including soft delete, cross-region restore, and security features.
250
251
```python { .api }
252
class BackupResourceVaultConfig:
253
def __init__(
254
self,
255
storage_model_type: Optional[str] = None,
256
cross_region_restore_flag: Optional[bool] = None,
257
storage_type: Optional[str] = None,
258
storage_type_state: Optional[str] = None,
259
enhanced_security_state: Optional[str] = None,
260
soft_delete_feature_state: Optional[str] = None,
261
soft_delete_retention_period_in_days: Optional[int] = None,
262
resource_guard_operation_requests: Optional[List[str]] = None,
263
is_soft_delete_feature_state_enabled: Optional[bool] = None,
264
**kwargs
265
):
266
"""
267
Backup resource vault configuration.
268
269
Parameters:
270
- storage_model_type: "GeoRedundant", "LocallyRedundant", "ReadAccessGeoRedundant", "ZoneRedundant"
271
- cross_region_restore_flag: Enable cross-region restore capability
272
- storage_type: Storage redundancy type
273
- storage_type_state: "Locked", "Unlocked"
274
- enhanced_security_state: "Enabled", "Disabled", "Invalid"
275
- soft_delete_feature_state: "Enabled", "Disabled", "Invalid"
276
- soft_delete_retention_period_in_days: Retention period (1-180 days)
277
- resource_guard_operation_requests: Resource guard operation identifiers
278
- is_soft_delete_feature_state_enabled: Whether soft delete is enabled
279
"""
280
281
storage_model_type: Optional[str]
282
cross_region_restore_flag: Optional[bool]
283
storage_type: Optional[str]
284
storage_type_state: Optional[str]
285
enhanced_security_state: Optional[str]
286
soft_delete_feature_state: Optional[str]
287
soft_delete_retention_period_in_days: Optional[int]
288
resource_guard_operation_requests: Optional[List[str]]
289
is_soft_delete_feature_state_enabled: Optional[bool]
290
```
291
292
### Backup Resource Storage Config
293
294
Storage-specific configuration settings for the Recovery Services vault.
295
296
```python { .api }
297
class BackupResourceStorageConfig:
298
def __init__(
299
self,
300
storage_type: Optional[str] = None,
301
storage_type_state: Optional[str] = None,
302
cross_region_restore_flag: Optional[bool] = None,
303
dedup_state: Optional[str] = None,
304
xcool_state: Optional[str] = None,
305
**kwargs
306
):
307
"""
308
Backup resource storage configuration.
309
310
Parameters:
311
- storage_type: "GeoRedundant", "LocallyRedundant", "ReadAccessGeoRedundant", "ZoneRedundant"
312
- storage_type_state: "Locked", "Unlocked"
313
- cross_region_restore_flag: Enable cross-region restore
314
- dedup_state: Deduplication state
315
- xcool_state: Cross-cool tier state
316
"""
317
318
storage_type: Optional[str]
319
storage_type_state: Optional[str]
320
cross_region_restore_flag: Optional[bool]
321
dedup_state: Optional[str]
322
xcool_state: Optional[str]
323
```
324
325
### Backup Resource Encryption Config
326
327
Encryption configuration for backup data at rest.
328
329
```python { .api }
330
class BackupResourceEncryptionConfig:
331
def __init__(
332
self,
333
encryption_at_rest_type: Optional[str] = None,
334
key_uri: Optional[str] = None,
335
subscription_id: Optional[str] = None,
336
last_update_status: Optional[str] = None,
337
infrastructure_encryption: Optional[str] = None,
338
user_assigned_identity: Optional[str] = None,
339
use_system_assigned_identity: Optional[bool] = None,
340
**kwargs
341
):
342
"""
343
Backup resource encryption configuration.
344
345
Parameters:
346
- encryption_at_rest_type: "MicrosoftManaged", "CustomerManaged", "Invalid"
347
- key_uri: URI of the customer-managed key
348
- subscription_id: Subscription ID for the key vault
349
- last_update_status: Status of the last update
350
- infrastructure_encryption: "Enabled", "Disabled"
351
- user_assigned_identity: User-assigned managed identity for key access
352
- use_system_assigned_identity: Whether to use system-assigned identity
353
"""
354
355
encryption_at_rest_type: Optional[str]
356
key_uri: Optional[str]
357
subscription_id: Optional[str]
358
last_update_status: Optional[str]
359
infrastructure_encryption: Optional[str]
360
user_assigned_identity: Optional[str]
361
use_system_assigned_identity: Optional[bool]
362
```
363
364
## Usage Examples
365
366
### Configure Vault for Cross-Region Restore
367
368
```python
369
from azure.mgmt.recoveryservicesbackup.activestamp.models import (
370
BackupResourceVaultConfigResource,
371
BackupResourceVaultConfig,
372
BackupResourceStorageConfigResource,
373
BackupResourceStorageConfig
374
)
375
376
# Step 1: Configure storage for cross-region restore
377
storage_config = BackupResourceStorageConfigResource(
378
properties=BackupResourceStorageConfig(
379
storage_type="GeoRedundant",
380
cross_region_restore_flag=True,
381
storage_type_state="Unlocked"
382
)
383
)
384
385
client.backup_resource_storage_configs.update("my-rg", "my-vault", storage_config)
386
387
# Step 2: Configure vault settings
388
vault_config = BackupResourceVaultConfigResource(
389
properties=BackupResourceVaultConfig(
390
storage_model_type="GeoRedundant",
391
cross_region_restore_flag=True,
392
soft_delete_feature_state="Enabled",
393
soft_delete_retention_period_in_days=14,
394
enhanced_security_state="Enabled"
395
)
396
)
397
398
client.backup_resource_vault_configs.update("my-rg", "my-vault", vault_config)
399
print("Vault configured for cross-region restore")
400
```
401
402
### Enable Customer-Managed Key Encryption
403
404
```python
405
from azure.mgmt.recoveryservicesbackup.activestamp.models import (
406
BackupResourceEncryptionConfigResource,
407
BackupResourceEncryptionConfig
408
)
409
410
# Configure customer-managed key encryption
411
encryption_config = BackupResourceEncryptionConfigResource(
412
properties=BackupResourceEncryptionConfig(
413
encryption_at_rest_type="CustomerManaged",
414
key_uri="https://myvault.vault.azure.net/keys/backupkey/version",
415
subscription_id=subscription_id,
416
infrastructure_encryption="Enabled",
417
use_system_assigned_identity=False,
418
user_assigned_identity="/subscriptions/sub-id/resourceGroups/my-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/backup-identity"
419
)
420
)
421
422
result = client.backup_resource_encryption_configs.update("my-rg", "my-vault", encryption_config)
423
print(f"Encryption configured: {result.properties.last_update_status}")
424
```
425
426
### Configure Soft Delete Settings
427
428
```python
429
# Enable soft delete with custom retention period
430
vault_config = BackupResourceVaultConfigResource(
431
properties=BackupResourceVaultConfig(
432
soft_delete_feature_state="Enabled",
433
soft_delete_retention_period_in_days=30, # 30 days retention
434
is_soft_delete_feature_state_enabled=True
435
)
436
)
437
438
result = client.backup_resource_vault_configs.update("my-rg", "my-vault", vault_config)
439
print("Soft delete configured with 30-day retention")
440
```
441
442
### Monitor Vault Configuration
443
444
```python
445
# Get comprehensive vault configuration
446
vault_config = client.backup_resource_vault_configs.get("my-rg", "my-vault")
447
storage_config = client.backup_resource_storage_configs.get("my-rg", "my-vault")
448
encryption_config = client.backup_resource_encryption_configs.get("my-rg", "my-vault")
449
450
print("=== Vault Configuration ===")
451
print(f"Storage Type: {vault_config.properties.storage_model_type}")
452
print(f"Cross-Region Restore: {vault_config.properties.cross_region_restore_flag}")
453
print(f"Soft Delete: {vault_config.properties.soft_delete_feature_state}")
454
print(f"Soft Delete Retention: {vault_config.properties.soft_delete_retention_period_in_days} days")
455
print(f"Enhanced Security: {vault_config.properties.enhanced_security_state}")
456
457
print("\n=== Storage Configuration ===")
458
print(f"Storage Type: {storage_config.properties.storage_type}")
459
print(f"Storage State: {storage_config.properties.storage_type_state}")
460
print(f"Cross-Region Restore: {storage_config.properties.cross_region_restore_flag}")
461
462
print("\n=== Encryption Configuration ===")
463
print(f"Encryption Type: {encryption_config.properties.encryption_at_rest_type}")
464
if encryption_config.properties.key_uri:
465
print(f"Key URI: {encryption_config.properties.key_uri}")
466
print(f"Infrastructure Encryption: {encryption_config.properties.infrastructure_encryption}")
467
```
468
469
### Update Storage Redundancy
470
471
```python
472
# Change storage redundancy type (only when unlocked)
473
current_config = client.backup_resource_storage_configs.get("my-rg", "my-vault")
474
475
if current_config.properties.storage_type_state == "Unlocked":
476
new_config = BackupResourceStorageConfigResource(
477
properties=BackupResourceStorageConfig(
478
storage_type="ZoneRedundant", # Change to zone-redundant
479
cross_region_restore_flag=False, # Disable CRR for ZRS
480
storage_type_state="Locked" # Lock after change
481
)
482
)
483
484
client.backup_resource_storage_configs.update("my-rg", "my-vault", new_config)
485
print("Storage changed to Zone-Redundant and locked")
486
else:
487
print("Storage type is locked and cannot be changed")
488
```