azure.keyvault-storage

Key Vault Managed Storage Account Resource

example

List all Key Vault managed Storage Accounts

policies:
  - name: keyvault-storage
    resource: azure.keyvault-storage

Actions

regenerate-key

Regenerate Managed Storage Access Key

example

Regenerate all Access Keys older than 30 days.

policies:
  - name: azure-managed-storage-regenerate-key
    resource: azure.keyvault-storage
    filters:
      - type: value
        key: attributes.updated
        op: gt
        value_type: age
        value: 30
    actions:
      - type: regenerate-key

schema

properties:
  type:
    enum:
    - regenerate-key
required:
- type

update

Update Key Vault Managed Storage Account properties.

example

Ensure all keys have auto-regenerate enabled with a 30-day rotation policy.

policies:
  - name: azure-managed-storage-update
    resource: azure.keyvault-storage
    filters:
      - or:
        - type: auto-regenerate-key
          value: false
        - type: regeneration-period
          op: ne
          value: P30D
    actions:
      - type: update
        auto-regenerate-key: true
        regeneration-period: P30D

schema

properties:
  active-key-name:
    type: string
  auto-regenerate-key:
    type: boolean
  regeneration-period:
    type: string
  type:
    enum:
    - update
required:
- type