From d0459cfb6b6d5f261454c183b6f69175281480c9 Mon Sep 17 00:00:00 2001 From: Bin Xia Date: Thu, 24 Feb 2022 16:46:47 +0800 Subject: [PATCH] Add key management service profile of a managed cluster for version 2022-02-02-preview (#17955) * Add key management service profile of a managed cluster for version 2022-02-02-preview * add kmsProfile * update after api review * add more details in description * update for comments --- .../2022-02-02-preview/managedClusters.json | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+)
diff --git a/specification/containerservice/resource-manager/Microsoft.ContainerService/preview/2022-02-02-preview/managedClusters.json b/specification/containerservice/resource-manager/Microsoft.ContainerService/preview/2022-02-02-preview/managedClusters.json
index dc89ef57ae6f..0da73adcf8b3 100644
--- a/specification/containerservice/resource-manager/Microsoft.ContainerService/preview/2022-02-02-preview/managedClusters.json
+++ b/specification/containerservice/resource-manager/Microsoft.ContainerService/preview/2022-02-02-preview/managedClusters.json
@@ -5510,6 +5510,10 @@
 "azureDefender": {
 "$ref": "#/definitions/ManagedClusterSecurityProfileAzureDefender",
 "description": "Azure Defender settings for the security profile."
+ },
+ "azureKeyVaultKms": {
+ "$ref": "#/definitions/AzureKeyVaultKms",
+ "description": "Azure Key Vault [key management service](https://kubernetes.io/docs/tasks/administer-cluster/kms-provider/) settings for the security profile."
 }
 },
 "description": "Security profile for the container service cluster."
@@ -5528,6 +5532,20 @@
 },
 "description": "Azure Defender settings for the security profile."
 },
+ "AzureKeyVaultKms": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean",
+ "description": "Whether to enable Azure Key Vault key management service. The default is false."
+ },
+ "keyId": {
+ "type": "string",
+ "description": "Identifier of Azure Key Vault key. See [key identifier format](https://docs.microsoft.com/en-us/azure/key-vault/general/about-keys-secrets-certificates#vault-name-and-object-name) for more details. When Azure Key Vault key management service is enabled, this field is required and must be a valid key identifier. When Azure Key Vault key management service is disabled, leave the field empty."
+ }
+ },
+ "description": "Azure Key Vault key management service settings for the security profile."
+ },
 "CreationData": {
 "description": "Data used when creating a target resource from a source resource.",
 "type": "object",
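Review bot: The rule that `keyId` is required whenever `enabled` is true exists only in the description text of `AzureKeyVaultKms`; the schema declares `keyId` as an unconstrained `"type": "string"`, so a missing or malformed key identifier can only be rejected by the service, not by spec validation or by generated SDKs. The closing sentence "leave the field empty" is also ambiguous between omitting the property and sending `""`; if omission is the intended contract, I would reword it to `When Azure Key Vault key management service is disabled, omit this field.` The description further leaves open whether the identifier must carry a key version, which presumably decides whether rotating the key in the vault also requires a cluster update, so one sentence stating that would help operators plan rotation. The same reading applies to the `azureKeyVaultKms` property added in the first hunk, which only references this definition.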