You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Currently the Azure keyvault resource is just doing a list on keyvaults which doesn't return enough resource information to author useful policies. By adding a describe filter to keyvaults or changing the default scan behavior from list to describe there will be a lot more info to filter on and author policies from. One policy example that I need this for is the Azure CIS policy to check if keyvaults are being used to store secrets and this info is only returned when describing keyvaults, not listing them. Another use case for the describe info is authoring a policy that checks the expiration date for secrets stored in keyvaults as part of a CIS check. The info is also needed to see if keys in the keyvault are expiring. Many use cases for this
Extra information or context
There is no workaround at this time to pull back this needed info.
The text was updated successfully, but these errors were encountered:
Describe the feature
Currently the Azure keyvault resource is just doing a list on keyvaults which doesn't return enough resource information to author useful policies. By adding a describe filter to keyvaults or changing the default scan behavior from list to describe there will be a lot more info to filter on and author policies from. One policy example that I need this for is the Azure CIS policy to check if keyvaults are being used to store secrets and this info is only returned when describing keyvaults, not listing them. Another use case for the describe info is authoring a policy that checks the expiration date for secrets stored in keyvaults as part of a CIS check. The info is also needed to see if keys in the keyvault are expiring. Many use cases for this
Extra information or context
There is no workaround at this time to pull back this needed info.
The text was updated successfully, but these errors were encountered: