Merge pull request #2656 from msmbaldwin/mhsm-placeholder-standardization

[SCOPED] Standardize placeholders in managed-hsm docset

Author: AnnaMHuff

articles/key-vault/includes/managed-hsm/sdk-role-assignment.md

@@ -14,11 +14,11 @@ For your application to access keys, assign the appropriate Managed HSM local RB
 
 ```azurecli
 # Get the principal ID of your managed identity
-principalId=$(az vm identity show --name myVM --resource-group myRG --query principalId -o tsv)
+principalId=$(az vm identity show --name <vm-name> --resource-group <resource-group> --query principalId -o tsv)
 
 # Assign the Crypto User role for key operations
 az keyvault role assignment create \
-    --hsm-name ContosoMHSM \
+    --hsm-name <hsm-name> \
     --role "Managed HSM Crypto User" \
     --assignee $principalId \
     --scope /keys

articles/key-vault/managed-hsm/backup-restore.md

@@ -47,11 +47,11 @@ To execute a full backup, provide the following information:
 1. Provide **Storage Blob Data Contributor** role access to the user-assigned managed identity created in step 2, by going to the **Access Control** tab on the portal and selecting **Add Role Assignment**. Then select **managed identity** and select the managed identity created in step 2 -> **Review + Assign**
 1. Create the Managed HSM and associate the managed identity:
    ```azurecli-interactive
-   az keyvault create --hsm-name ContosoMHSM -l mhsmlocation --retention-days 7 --administrators "initialadmin" --mi-user-assigned "/subscriptions/subid/resourcegroups/mhsmrgname/providers/Microsoft.ManagedIdentity/userAssignedIdentities/userassignedidentitynamefromstep2" 
+   az keyvault create --hsm-name <hsm-name> -l <location> --retention-days 7 --administrators "<initial-admin>" --mi-user-assigned "/subscriptions/<subscription-id>/resourcegroups/<resource-group>/providers/Microsoft.ManagedIdentity/userAssignedIdentities/<managed-identity-name>" 
    ```
  If you have an existing Managed HSM, associate the managed identity by updating the MHSM with the following command. 
   ```azurecli-interactive
-   az keyvault update-hsm --hsm-name ContosoMHSM --mi-user-assigned "/subscriptions/subid/resourcegroups/mhsmrgname/providers/Microsoft.ManagedIdentity/userAssignedIdentities/userassignedidentitynamefromstep2" 
+   az keyvault update-hsm --hsm-name <hsm-name> --mi-user-assigned "/subscriptions/<subscription-id>/resourcegroups/<resource-group>/providers/Microsoft.ManagedIdentity/userAssignedIdentities/<managed-identity-name>" 
    ```
 
 ## Full backup
@@ -65,7 +65,7 @@ While the backup is in progress, the HSM might not operate at full throughput as
 
 ### Backup HSM by using user assigned managed identity
 ```azurecli-interactive
-az keyvault backup start --use-managed-identity true --hsm-name ContosoMHSM --storage-account-name contosostorage --blob-container-name contosostoragecontainer
+az keyvault backup start --use-managed-identity true --hsm-name <hsm-name> --storage-account-name <storage-account-name> --blob-container-name <container-name>
   ```
 ### Backup HSM by using SAS token
 
@@ -76,19 +76,19 @@ end=$(date -u -d "500 minutes" '+%Y-%m-%dT%H:%MZ')
 
 # Get storage account key
 
-skey=$(az storage account keys list --query '[0].value' -o tsv --account-name contosostorage --subscription {subscription-id})
+skey=$(az storage account keys list --query '[0].value' -o tsv --account-name <storage-account-name> --subscription <subscription-id>)
 
 # Create a container
 
-az storage container create --account-name contosostorage --name contosostoragecontainer --account-key $skey
+az storage container create --account-name <storage-account-name> --name <container-name> --account-key $skey
 
 # Generate a container sas token
 
-sas=$(az storage container generate-sas -n contosostoragecontainer --account-name contosostorage --permissions crdw --expiry $end --account-key $skey -o tsv --subscription {subscription-id})
+sas=$(az storage container generate-sas -n <container-name> --account-name <storage-account-name> --permissions crdw --expiry $end --account-key $skey -o tsv --subscription <subscription-id>)
 
 # Backup HSM
 
-az keyvault backup start --hsm-name ContosoMHSM --storage-account-name contosostorage --blob-container-name contosostoragecontainer --storage-container-SAS-token $sas --subscription {subscription-id}
+az keyvault backup start --hsm-name <hsm-name> --storage-account-name <storage-account-name> --blob-container-name <container-name> --storage-container-SAS-token $sas --subscription <subscription-id>
 
 ```
 
@@ -112,7 +112,7 @@ Restore is a long running operation but it immediately returns a Job ID. You can
 
 ### Restore HSM by using user assigned managed identity
 ```azurecli-interactive
-az keyvault restore start --hsm-name ContosoMHSM --storage-account-name contosostorage --blob-container-name contosostoragecontainer --backup-folder mhsm-backup-foldername --use-managed-identity true
+az keyvault restore start --hsm-name <hsm-name> --storage-account-name <storage-account-name> --blob-container-name <container-name> --backup-folder <backup-folder> --use-managed-identity true
   ```
 ### Restore HSM by using SAS token
 
@@ -123,15 +123,15 @@ end=$(date -u -d "500 minutes" '+%Y-%m-%dT%H:%MZ')
 
 # Get storage account key
 
-skey=$(az storage account keys list --query '[0].value' -o tsv --account-name contosostorage --subscription {subscription-id})
+skey=$(az storage account keys list --query '[0].value' -o tsv --account-name <storage-account-name> --subscription <subscription-id>)
 
 # Generate a container sas token
 
-sas=$(az storage container generate-sas -n contosostoragecontainer --account-name contosostorage --permissions rl --expiry $end --account-key $skey -o tsv --subscription {subscription-id})
+sas=$(az storage container generate-sas -n <container-name> --account-name <storage-account-name> --permissions rl --expiry $end --account-key $skey -o tsv --subscription <subscription-id>)
 
 # Restore HSM
 
-az keyvault restore start --hsm-name ContosoMHSM --storage-account-name contosostorage --blob-container-name contosostoragecontainer --storage-container-SAS-token $sas --backup-folder mhsm-ContosoMHSM-2020083120161860
+az keyvault restore start --hsm-name <hsm-name> --storage-account-name <storage-account-name> --blob-container-name <container-name> --storage-container-SAS-token $sas --backup-folder <backup-folder>
 ```
 
 ## Selective key restore
@@ -140,12 +140,12 @@ Selective key restore restores one key with all its key versions from a previous
 
 ### Selective key restore by using user assigned managed identity
 ```
-az keyvault restore start --hsm-name ContosoMHSM --storage-account-name contosostorage --blob-container-name contosostoragecontainer --backup-folder mhsm-backup-foldername --use-managed-identity true --key-name rsa-key2
+az keyvault restore start --hsm-name <hsm-name> --storage-account-name <storage-account-name> --blob-container-name <container-name> --backup-folder <backup-folder> --use-managed-identity true --key-name <key-name>
   ```
 
 ### Selective key restore by using SAS token
 ```
-az keyvault restore start --hsm-name ContosoMHSM --storage-account-name contosostorage --blob-container-name contosostoragecontainer --storage-container-SAS-token $sas --backup-folder mhsm-ContosoMHSM-2020083120161860 --key-name rsa-key2
+az keyvault restore start --hsm-name <hsm-name> --storage-account-name <storage-account-name> --blob-container-name <container-name> --storage-container-SAS-token $sas --backup-folder <backup-folder> --key-name <key-name>
 ```
 
 ## Next steps

articles/key-vault/managed-hsm/configure-network-security.md

@@ -39,19 +39,19 @@ Here's how to configure Managed HSM firewalls by using the Azure CLI:
 1. Use the [az keyvault update-hsm](/cli/azure/keyvault#az-keyvault-update-hsm) command to set the default action to Deny before creating a firewall.
 
    ```azurecli
-   az keyvault update-hsm --resource-group "ContosoResourceGroup" --hsm-name "ContosoMHSM" --default-action Deny
+   az keyvault update-hsm --resource-group "<resource-group>" --hsm-name "<hsm-name>" --default-action Deny
    ```
 
 1. Use the [az keyvault network-rule add](/cli/azure/keyvault/network-rule#az-keyvault-network-rule-add) command to add an IP address range to allow traffic.
 
    ```azurecli
-   az keyvault network-rule add --resource-group "ContosoResourceGroup" --hsm-name "ContosoMHSM" --ip-address "191.10.18.0/24"
+   az keyvault network-rule add --resource-group "<resource-group>" --hsm-name "<hsm-name>" --ip-address "<ip-address-range>"
    ```
 
 1. If any trusted services need access to this key vault, use the [az keyvault update](/cli/azure/keyvault#az-keyvault-update) command to set bypass to AzureServices.
 
    ```azurecli
-   az keyvault update --resource-group "ContosoResourceGroup" --hsm-name "ContosoMHSM" --bypass AzureServices
+   az keyvault update --resource-group "<resource-group>" --hsm-name "<hsm-name>" --bypass AzureServices
    ```
 
 # [Azure PowerShell](#tab/azure-powershell)
@@ -62,15 +62,15 @@ Here's how to configure Managed HSM firewalls by using PowerShell:
 1. Use the [Update-AzKeyVaultManagedHsmNetworkRuleSet](/powershell/module/az.keyvault/update-azkeyvaultmanagedhsmnetworkruleset) cmdlet to set default action to Deny and add an IP address range to allow traffic.
 
    ```powershell
-   Update-AzKeyVaultManagedHsmNetworkRuleSet -Name "ContosoMHSM" -ResourceGroupName "ContosoResourceGroup" -DefaultAction Deny -IpAddressRange @('16.17.18.0/24') -PassThru 
+   Update-AzKeyVaultManagedHsmNetworkRuleSet -Name "<hsm-name>" -ResourceGroupName "<resource-group>" -DefaultAction Deny -IpAddressRange @('<ip-address-range>') -PassThru 
    ```
 
    Include `-ReplaceAllRules` to overwrite IP Lists. Otherwise, the command merges the newly included rules.
 
 1. If any trusted services need access to this managed HSM, use the [Update-AzKeyVaultManagedHsmNetworkRuleSet](/powershell/module/az.keyvault/update-azkeyvaultmanagedhsmnetworkruleset) cmdlet to set bypass to AzureServices.
 
    ```powershell
-   Update-AzKeyVaultManagedHsmNetworkRuleSet -Name "ContosoMHSM" -Bypass AzureServices
+   Update-AzKeyVaultManagedHsmNetworkRuleSet -Name "<hsm-name>" -Bypass AzureServices
    ```
 
 ---