standard
turbot/azure_compliance

Trigger: Detect & correct Key Vaults with RBAC keys without expiration date

Detect keys in Key Vaults that use RBAC authorization and have no expiration date set, and then set an expiration date on them.

Query

with rbac_vault as (
  select
    name
  from
    azure_key_vault
  where
    enable_rbac_authorization
)
select
  concat(
    kvk.id,
    ' [',
    kvk.subscription_id,
    '/',
    kvk.resource_group,
    ']'
  ) as title,
  kvk.id as id,
  kvk.name,
  kvk.subscription_id,
  kvk.vault_name as vault_name,
  kvk._ctx ->> 'connection_name' as conn
from
  azure_key_vault_key kvk
  left join rbac_vault as v on v.name = kvk.vault_name
where
  enabled
  and expires_at is null
  and v.name is not null;
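The query above flags only the "no expiration date" case. The following is an added example, not part of the turbot/azure_compliance mod, that generalizes the same detection for triage: it keeps the RBAC-vault filter (written as an inner join, which is equivalent to the page's left join plus `v.name is not null`), uses only columns the page's query already references, and adds a `reason` column that separates keys with no expiry, keys that are past their expiry but still enabled, and keys whose expiry lies further out than an assumed 365-day maximum lifetime. The 365-day window is an assumption to adjust to your own policy.

```sql
-- Added example (not the mod's own query): triage view of enabled keys in
-- RBAC-authorized Key Vaults with an expiry problem. Runs against the
-- Steampipe azure plugin tables (PostgreSQL syntax).
with rbac_vault as (
  select
    name
  from
    azure_key_vault
  where
    enable_rbac_authorization
)
select
  kvk.id,
  kvk.vault_name,
  kvk.name as key_name,
  kvk.subscription_id,
  kvk.resource_group,
  kvk.expires_at,
  case
    when kvk.expires_at is null then 'no_expiration'
    when kvk.expires_at < now() then 'expired_but_enabled'
    -- 365 days is an assumed policy maximum, not a value from the page
    when kvk.expires_at > now() + interval '365 days' then 'expiry_beyond_policy'
  end as reason,
  kvk._ctx ->> 'connection_name' as conn
from
  azure_key_vault_key as kvk
  join rbac_vault as v on v.name = kvk.vault_name
where
  kvk.enabled
  and (
    kvk.expires_at is null
    or kvk.expires_at < now()
    or kvk.expires_at > now() + interval '365 days'
  )
order by
  reason,
  kvk.subscription_id,
  kvk.vault_name,
  key_name;
```

The `no_expiration` rows are exactly the set the page's trigger acts on; the other two reasons are worth reviewing before bulk-setting expiry dates, because a key that is already past its expiry is rejected for cryptographic operations even though `enabled` is still true, and one with a very distant expiry will not be caught by a null check at all.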

Schedule

15m

Tags

category = Compliance
plugin = azure
service = Azure/KeyVault