Resource Type: Azure > Key Vault > Vault
The Vault resource type is a secure storage service that allows you to protect and manage cryptographic keys and secrets, which can be used to secure cloud applications and services.
Resource Context
Vault is a part of the Key Vault service.
Each Vault lives under a Resource Group.
Controls
The primary controls for Azure > Key Vault > Vault are:
It is also targeted by these controls:
- Azure > CIS v1 > 5 Logging and Monitoring > 5.1 Configuring Log Profile > 5.1.7 Ensure that logging for Azure KeyVault is 'Enabled' (Scored)
- Azure > CIS v1 > 8 Other Security Considerations > 8.01 Ensure that the expiration date is set on all keys (Scored)
- Azure > CIS v1 > 8 Other Security Considerations > 8.02 Ensure that the expiration date is set on all secrets (Scored)
- Azure > CIS v1 > 8 Other Security Considerations > 8.04 Ensure the key vault is recoverable (Scored)
- Azure > CIS v1.2 > 8 - Other Security Considerations > 8.01 - Ensure that the expiration date is set on all keys (Scored)
- Azure > CIS v1.2 > 8 - Other Security Considerations > 8.02 - Ensure that the expiration date is set on all secrets (Scored)
- Azure > CIS v1.2 > 8 - Other Security Considerations > 8.04 - Ensure the key vault is recoverable (Scored)
- Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.01 - Configuring Diagnostic Settings > 5.01.05 - Ensure that logging for Azure Key Vault is 'Enabled'
- Azure > CIS v2.0 > 08 - Key Vault > 8.01 - Ensure that the Expiration Date is set for all Keys in RBAC Key Vaults
- Azure > CIS v2.0 > 08 - Key Vault > 8.02 - Ensure that the Expiration Date is set for all Keys in Non-RBAC Key Vaults
- Azure > CIS v2.0 > 08 - Key Vault > 8.03 - Ensure that the Expiration Date is set for all Secrets in RBAC Key Vaults
- Azure > CIS v2.0 > 08 - Key Vault > 8.04 - Ensure that the Expiration Date is set for all Secrets in Non-RBAC Key Vaults
- Azure > CIS v2.0 > 08 - Key Vault > 8.05 - Ensure the key vault is recoverable
- Azure > CIS v2.0 > 08 - Key Vault > 8.06 - Ensure Role Based Access Control for Azure Key Vault
- Azure > CIS v2.0 > 08 - Key Vault > 8.07 - Ensure that Private Endpoints are Used for Azure Key Vault
- Azure > CIS v2.0 > 08 - Key Vault > 8.08 - Ensure Automatic Key Rotation is Enabled Within Azure Key Vault for the Supported Services
- Azure > CIS v2.0 > 09 - Application Services > 9.11 - Ensure Azure Key Vaults are Used to Store Secrets
- Azure > Key Vault > Key > Discovery
- Azure > Key Vault > Secret > Discovery
Category
In Your Workspace
- Controls by Resource Type report
- Policy Settings by Resource Type report
- Resources by Resource Type report
Developers
- Resource Type URI: tmod:@turbot/azure-keyvault#/resource/types/vault
- Category URI: tmod:@turbot/turbot#/resource/categories/security
- CLI: turbot graphql resource --id "tmod:@turbot/azure-keyvault#/resource/types/vault"
- Steampipe Query, Get Resource: select * from guardrails_resource where resource_type_uri = 'tmod:@turbot/azure-keyvault#/resource/types/vault';
- Steampipe Query, Get Policy Settings (By Resource ID): select * from guardrails_policy_setting where filter = 'resourceTypeId:"tmod:@turbot/azure-keyvault#/resource/types/vault"';
- Steampipe Query, Get Resource Notification: select * from guardrails_notification where resource_type_uri = 'tmod:@turbot/azure-keyvault#/resource/types/vault' and notification_type in ('resource_updated', 'resource_created');