-
Notifications
You must be signed in to change notification settings - Fork 1.1k
/
ManagedHsm_Keys_EC_AllowedCurveNames.json
77 lines (77 loc) · 2.43 KB
/
ManagedHsm_Keys_EC_AllowedCurveNames.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
{
"properties": {
"policyType": "BuiltIn",
"displayName": "[Preview]: Azure Key Vault Managed HSM keys using elliptic curve cryptography should have the specified curve names",
"description": "To use this policy in preview, you must first follow these instructions at https://aka.ms/mhsmgovernance. Keys backed by elliptic curve cryptography can have different curve names. Some applications are only compatible with specific elliptic curve keys. Enforce the types of elliptic curve keys that are allowed to be created in your environment.",
"metadata": {
"category": "Key Vault",
"version": "1.0.1-preview",
"preview": true
},
"version": "1.0.1-preview",
"mode": "Microsoft.ManagedHSM.Data",
"parameters": {
"allowedECNames": {
"allowedValues": [
"P-256",
"P-256K",
"P-384",
"P-521"
],
"defaultValue": [
"P-256",
"P-256K",
"P-384",
"P-521"
],
"metadata": {
"description": "The list of allowed curve names for elliptic curve cryptography certificates.",
"displayName": "Allowed elliptic curve names"
},
"type": "Array"
},
"effect": {
"allowedValues": [
"Audit",
"Deny",
"Disabled"
],
"defaultValue": "Audit",
"metadata": {
"description": "'Audit' allows a non-compliant resource to be created, but flags it as non-compliant. 'Deny' blocks the resource creation. 'Disable' turns off the policy.",
"displayName": "Effect"
},
"type": "String"
}
},
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.ManagedHSM.Data/managedHsms/keys"
},
{
"field": "Microsoft.ManagedHSM.Data/managedHsms/keys/keyType",
"in": [
"EC",
"EC-HSM"
]
},
{
"field": "Microsoft.ManagedHSM.Data/managedHsms/keys/ellipticCurveName",
"notIn": "[parameters('allowedECNames')]"
}
]
},
"then": {
"effect": "[parameters('effect')]"
}
},
"versions": [
"1.0.1-PREVIEW"
]
},
"id": "/providers/Microsoft.Authorization/policyDefinitions/e58fd0c1-feac-4d12-92db-0a7e9421f53e",
"name": "e58fd0c1-feac-4d12-92db-0a7e9421f53e"
}