azure.keyvault-key¶
Key Vault Key Resource
- example:
This policy will find all Keys in keyvault_test and keyvault_prod KeyVaults
policies:
- name: keyvault-keys
description:
List all keys from 'keyvault_test' and 'keyvault_prod' vaults
resource: azure.keyvault-key
filters:
- type: keyvault
vaults:
- keyvault_test
- keyvault_prod
- example:
This policy will find all Keys in all KeyVaults that are older than 30 days
policies:
- name: keyvault-keys
description:
List all keys that are older than 30 days
resource: azure.keyvault-key
filters:
- type: value
key: attributes.created
value_type: age
op: gt
value: 30
- example:
If your company wants to enforce usage of HSM-backed keys in the KeyVaults, you can use this policy to find all Keys in all KeyVaults not backed by an HSM module.
policies:
- name: keyvault-keys
description:
List all non-HSM keys
resource: azure.keyvault-key
filters:
- not:
- type: key-type
key-types:
- RSA-HSM, EC-HSM
Filters¶
key-type¶
Parent base class for filters and actions.
properties:
key-types:
items:
enum:
- EC
- EC-HSM
- RSA
- RSA-HSM
type: array
type:
enum:
- key-type
required:
- type
keyvault¶
Parent base class for filters and actions.
properties:
type:
enum:
- keyvault
vaults:
items:
type: string
type: array
required:
- vaults
- type