Enable Logging for Each New DTL Key Vault

Ansalizz 21 Reputation points
2020-01-11T00:45:22.353+00:00

Hi there--new to Azure DevTest Labs (DTL),

I know that DTL creates a new key vault for any user who stores secrets.

For security purposes, I would like to enable logging for each new key vault created by DTL (who accessed the key vault and when, etc.). We have been doing this manually for key vaults that we create ourselves by creating a storage account for a given region, enabling diagnostic auditing for the given key vault, and then directing the generated logs to be stored in the storage account with the corresponding region.

My question is: is there a way to automatically configure settings like this for the key vaults created by DTL?

If not, and we have to create our own tooling, is there some sort of alerting that exists that can notify us whenever DTL creates a new key vault in a subscription? That way, we can trigger enabling logging ourselves without constantly polling for new key vaults.

I would appreciate any help you can give :)

Azure DevTest Labs

Accepted answer
  1. Monalla-MSFT 11,551 Reputation points
    2020-01-16T15:06:18.65+00:00

    Hello Ansalizz,

    Thank you for reaching out to us, and sorry for the delay in response.

    Short answer: There is no way to automatically configure settings for the key vaults DTL creates today, as you will not have access to the Key Vault at creation.

    However, yes, there may be a way, using Event Grid, to be notified when the Key Vault is created.

    I hope this information helps.

    Please take a moment to "Mark as Answer" and/or "Vote as Helpful" wherever applicable. Thanks!

    1 person found this answer helpful.
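The two halves of this thread, the asker's manual procedure (a storage account per region, then a diagnostic setting that routes the vault's AuditEvent logs to the account for that region) and the answer's Event Grid suggestion, combined in one Azure CLI script. This is an added example, not code from the original thread or from the DevTest Labs service. It assumes a lab prefix of `dtl`, a resource group `rg-kv-logs` that holds the log storage accounts, and a placeholder webhook URL that receives the creation notification; the `sa_name_for_region` and `audit_logs_json` helpers are this example's own names. It also assumes the account running it has control-plane rights (at least `Microsoft.Insights/diagnosticSettings/write`) on each vault, which, as the answer notes, you may not have at creation time for vaults DTL makes.

```shell
#!/usr/bin/env bash
# Added example: route Key Vault AuditEvent logs to a per-region storage account
# and subscribe to Key Vault creation events at subscription scope.
# Assumed values (not from the thread): LAB_PREFIX, LOG_RG, WEBHOOK_URL.
set -eu

LAB_PREFIX="${LAB_PREFIX:-dtl}"
LOG_RG="${LOG_RG:-rg-kv-logs}"
WEBHOOK_URL="${WEBHOOK_URL:-https://example.invalid/kv-created}"   # placeholder endpoint

# Storage account names must be 3-24 characters, lowercase letters and digits only.
# Derive one deterministic name per region, e.g. dtl + kvlogs + eastus -> dtlkvlogseastus,
# so the same region always maps to the same account and re-runs are idempotent.
sa_name_for_region() {
  prefix="$1"
  region="$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]' | tr -cd 'a-z0-9')"
  printf '%s' "${prefix}kvlogs${region}" | cut -c1-24
}

# The --logs argument: only the AuditEvent category, which records who called the
# vault's data plane (secret get/set, key operations) and when.
audit_logs_json() {
  printf '[{"category":"AuditEvent","enabled":true}]'
}

# Create (or confirm) the log storage account for a region and print its resource ID.
# Public blob access is disabled and TLS 1.2 enforced, since these accounts hold audit data.
ensure_log_storage() {
  region="$1"
  name="$(sa_name_for_region "$LAB_PREFIX" "$region")"
  az storage account create -n "$name" -g "$LOG_RG" -l "$region" \
    --sku Standard_LRS --kind StorageV2 --min-tls-version TLS1_2 \
    --allow-blob-public-access false -o none
  az storage account show -n "$name" -g "$LOG_RG" --query id -o tsv
}

# Attach a diagnostic setting to one vault, sending AuditEvent logs to the storage
# account in the vault's own region. Re-running with the same setting name overwrites it.
enable_kv_audit_logging() {
  kv_id="$1"
  region="$2"
  sa_id="$(ensure_log_storage "$region")"
  az monitor diagnostic-settings create --name kv-audit-to-storage \
    --resource "$kv_id" --storage-account "$sa_id" \
    --logs "$(audit_logs_json)" -o none
}

# Sweep every vault in the current subscription; this catches vaults DTL created
# before the event subscription below existed.
enable_for_all_vaults() {
  az keyvault list --query "[].[id,location]" -o tsv |
  while read -r kv_id region; do
    enable_kv_audit_logging "$kv_id" "$region"
  done
}

# Subscription-scoped Event Grid subscription: deliver successful resource writes whose
# operation is a Key Vault create/update, so a new DTL vault triggers the webhook
# instead of a polling loop. The webhook handler should call enable_kv_audit_logging
# with data.resourceUri from the event.
subscribe_to_vault_creation() {
  sub_id="$(az account show --query id -o tsv)"
  az eventgrid event-subscription create --name "${LAB_PREFIX}-keyvault-created" \
    --source-resource-id "/subscriptions/${sub_id}" \
    --included-event-types Microsoft.Resources.ResourceWriteSuccess \
    --advanced-filter data.operationName StringIn Microsoft.KeyVault/vaults/write \
    --endpoint "$WEBHOOK_URL" -o none
}

# Only talk to Azure when explicitly asked (RUN_AZURE=1), so the pure helpers can be
# sourced and checked offline.
if [ "${RUN_AZURE:-0}" = "1" ]; then
  enable_for_all_vaults
  subscribe_to_vault_creation
fi
```

Two caveats worth knowing before relying on this: `ResourceWriteSuccess` fires on every successful write to a vault, not only creation, so the handler must be idempotent (the fixed diagnostic-setting name above makes re-application harmless), and an Event Grid webhook endpoint must answer the subscription validation handshake before events are delivered, so point `WEBHOOK_URL` at something (an Azure Function or Automation webhook, for instance) that does.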
