turbot/azure_compliance

Trigger: Detect & correct Key Vaults with non-RBAC secrets without expiration date

Detect secrets that have no expiration date in Key Vaults that do not use RBAC authorization (access-policy vaults), then set an expiration date on them.

Query

-- Vaults that still use access policies rather than Azure RBAC.
-- Note: a vault whose enable_rbac_authorization is null is not matched here,
-- because "not null" evaluates to null and the row is dropped.
with non_rbac_vault as (
  select
    name
  from
    azure_key_vault
  where
    not enable_rbac_authorization
)
select
  concat(
    kvs.id,
    ' [',
    kvs.subscription_id,
    '/',
    kvs.resource_group,
    ']'
  ) as title,
  kvs.id as id,
  kvs.name,
  kvs.subscription_id,
  kvs.vault_name as vault_name,
  kvs._ctx ->> 'connection_name' as conn
from
  azure_key_vault_secret kvs
  -- Key Vault names are globally unique, so joining on vault_name is sufficient.
  left join non_rbac_vault as v on v.name = kvs.vault_name
where
  kvs.enabled                -- only active secrets matter
  and kvs.expires_at is null -- no expiration date set
  and v.name is not null;    -- the filter turns the left join into an inner join

Schedule

15m

Tags

category = Compliance
plugin = azure
service = Azure/KeyVault