You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/key-vault/general/keyvault-moveregion.md
+6-7Lines changed: 6 additions & 7 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -16,18 +16,17 @@ Customer intent: As a key vault administrator, I want to move my vault to anothe
16
16
17
17
# Move an Azure key vault across regions
18
18
19
-
Key Vault doesn't support a resource move operation that permits moving a key vault from one region to another. This article covers workarounds for organizations that have a business need to move a key vault to another region. Each workaround option has limitations. It is critical to understand the implications of these workarounds before you attempt to apply them in a production environment.
19
+
Azure Key Vault doesn't support a resource move operation that permits moving a key vault from one region to another. This article covers workarounds for organizations that have a business need to move a key vault to another region. Each workaround option has limitations. It's critical to understand the implications of these workarounds before you attempt to apply them in a production environment.
20
20
21
21
To move a key vault to another region, you create a key vault in that other region and then manually copy each individual secret from your existing key vault to the new key vault. You can do this by using either of the following two options.
22
22
23
23
## Design considerations
24
24
25
-
* Key vault names are globally unique. You can't reuse a vault name.
26
-
27
-
* You need to reconfigure access policies and network configuration settings in the new key vault.
25
+
Before you begin, keep in mind the following concepts:
28
26
27
+
* Key vault names are globally unique. You can't reuse a vault name.
28
+
* You need to reconfigure your access policies and network configuration settings in the new key vault.
29
29
* You need to reconfigure soft-delete and purge protection in the new key vault.
30
-
31
30
* The backup and restore operation won't preserve your autorotation settings. You might need to reconfigure the settings.
32
31
33
32
## Option 1: Use the key vault backup and restore commands
@@ -38,8 +37,8 @@ Using the backup and restore commands has two limitations:
38
37
39
38
* You can't back up a key vault in one geography and restore it into another geography. For more information, see [Azure geographies](https://azure.microsoft.com/global-infrastructure/geographies/).
40
39
41
-
* The backup command backs up all versions of each secret. If you have a secret with a large number (more than 10) of previous versions, the request might exceed the maximum allowed request size and the operation might fail.
40
+
* The backup command backs up all versions of each secret. If you have a secret with a large number of previous versions (more than 10), the request size might exceed the allowed maximum and the operation might fail.
42
41
43
42
## Option 2: Manually download and upload the key vault secrets
44
43
45
-
You can download certain secret types manually. For example, you can download certificates as a .pfx file. This option eliminates the geographical restrictions for some secret types, such as certificates. You can upload the .pfx files to any key vault in any region. The secrets are downloaded in a non-password protected format. You are responsible for securing your secrets during the move.
44
+
You can download certain secret types manually. For example, you can download certificates as a PFX file. This option eliminates the geographical restrictions for some secret types, such as certificates. You can upload the PFX files to any key vault in any region. The secrets are downloaded in a non-password protected format. You are responsible for securing your secrets during the move.
0 commit comments