azure.keyvault-storage¶

Key Vault Managed Storage Account Resource

example

List all Key Vault managed Storage Accounts

policies:
  - name: keyvault-storage
    resource: azure.keyvault-storage

Filters¶

active-key-name

auto-regenerate-key

event

parent

reduce

regeneration-period

value

Actions¶

logic-app

notify

regenerate-key

update

webhook

regenerate-key¶

Regenerate Managed Storage Access Key

example

Regenerate all Access Keys older than 30 days.

policies:
  - name: azure-managed-storage-regenerate-key
    resource: azure.keyvault-storage
    filters:
      - type: value
        key: attributes.updated
        op: gt
        value_type: age
        value: 30
    actions:
     - type: regenerate-key

properties:
  type:
    enum:
    - regenerate-key
required:
- type

update¶

Update Key Vault Managed Storage Account properties.

example

Ensure all keys have auto regenerate enabled with 30 days rotation policy.

policies:
  - name: azure-managed-storage-update
    resource: azure.keyvault-storage
    filters:
      - or:
        - type: auto-regenerate-key
          value: false
        - type: regeneration-period
          op: ne
          value: P30D
    actions:
     - type: update
       auto-regenerate-key: true
       regeneration-period: P30D

properties:
  active-key-name:
    type: string
  auto-regenerate-key:
    type: boolean
  regeneration-period:
    type: string
  type:
    enum:
    - update
required:
- type