standard
turbot/azure_compliance

Trigger: Detect & correct Key Vaults with RBAC secrets without expiration date

Detect secrets in RBAC-enabled Key Vaults that do not have an expiration date set, and then set an expiration date.

Query

-- Key Vaults that use Azure RBAC to authorize data actions
with rbac_vault as (
  select
    name
  from
    azure_key_vault
  where
    enable_rbac_authorization
)
-- Enabled secrets with no expiration date, limited to RBAC vaults
-- (the left join plus "v.name is not null" behaves as an inner join)
select
  concat(
    kvs.id,
    ' [',
    kvs.subscription_id,
    '/',
    kvs.resource_group,
    ']'
  ) as title,
  kvs.id as id,
  kvs.name,
  kvs.subscription_id,
  kvs.vault_name as vault_name,
  kvs._ctx ->> 'connection_name' as conn
from
  azure_key_vault_secret kvs
  left join rbac_vault as v on v.name = kvs.vault_name
where
  kvs.enabled
  and kvs.expires_at is null
  and v.name is not null;

Schedule

15m

Tags

category = Compliance
plugin = azure
service = Azure/KeyVault