pallab asked:

Creating a Logic App to remind Key Vault key Expiry

We are using CMK for our Storage Accounts. We would like to set up some kind of reminder so that an email is sent out 30 days before the key expiry to designated email accounts. I was told that there is an Event Grid connector which I can use to achieve this along with Logic Apps.
So I am trying to design the Logic App, but I am not able to log in to my Outlook account to configure the email from which I can send the reminder email.
Can anyone let me know why the login to Outlook is not working even after putting in the right email address and password?

I have attached a screenshot of the error message.


azure-logic-apps

1 Answer

MayankBargali-MSFT answered:

@pallab I would suggest that you verify whether there is any ad blocker or extension in your browser that is blocking the request. If there is, then please try disabling it and retry the operation.

I would also suggest that you try a different browser and an incognito window to see if it helps. If you are using the Safari browser, then the suggestion would be to test with other browsers or to disable the "Prevent cross-site scripting" setting in Safari.


Actually, the issue was that I was using Office365 Outlook along with my personal outlook.com email address. The option I should have chosen was Outlook.com. So it worked now. I have another question. I have configured the Logic App now along with the Event Grid trigger for the key expiry, but I am not receiving the alert. As you can see above in the screenshot, the trigger is "Microsoft.KeyVault.KeyNearExpiry".
So to simulate this, I created a key yesterday inside my Azure KV with an expiry date just one month later so that I can receive the alert. But I still haven't got any mail in my Gmail.
I have given the RBAC role "Key Vault Reader" on the Key Vault to my Logic App "Secret Reminder". Is this the correct RBAC role that I need to specify on the Key Vault? Also, is there anything that I am missing here? Appreciate any help.



@pallab Thanks for the update. Can you please confirm whether the logic app was triggered or not? I think you are only using the response from the "When a resource event occurs" trigger. The logic app should have triggered 30 days before the expiration date for the event Microsoft.KeyVault.KeyNearExpiry. As per the Key Vault document, I don't see any permission that you need to explicitly specify. I have tested the setup at my end and observed that the logic app gets triggered. The suggestion would be to first verify whether the logic app was triggered or not. If yes, then check the history of that execution to see whether it failed or not, and if it failed, at which action.

pallab replied to MayankBargali-MSFT:

@MayankBargali-MSFT Hi Mayank, I want the Logic App to remind me of my Storage Account Customer Managed Key. So it is a key and not a secret. So shouldn't I be using "Microsoft.KeyVault.KeyNearExpiry" in the Event Type? This is a CMK and not a secret. I created another CMK yesterday with 30 days expiry, but I don't see any email.
I only get the email when I go to Overview and trigger the Logic App manually. I didn't get an automatic mail even though I created a new key with exactly 30 days expiry.
So now I have also created a secret with 30 day expiry and added that as a second event as you mentioned.

I will see if I get the email or not for the secret. Is there any troubleshooting that I can do, or any logs I can refer to?
I don't see any history in the "Runs History" apart from my manually run ones.


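Added example, not part of the thread above and not Microsoft's code: one way to inspect an Event Grid delivery outside the Logic App, keeping only near-expiry events and computing the days left from the `EXP` timestamp. The sample delivery, vault name and key name are constructed, and the field names assume the Event Grid schema for Key Vault events.

```python
import json
from datetime import datetime, timezone

# Near-expiry event types: the key one named in the thread, plus its secret counterpart.
NEAR_EXPIRY_TYPES = {
    "Microsoft.KeyVault.KeyNearExpiry",
    "Microsoft.KeyVault.SecretNearExpiry",
}

# Constructed sample delivery (made-up vault/key names, placeholder version).
SAMPLE_DELIVERY = json.dumps([
    {"id": "constructed-1", "subject": "storage-cmk",
     "eventType": "Microsoft.KeyVault.KeyNearExpiry",
     "eventTime": "2021-05-20T10:00:00Z",
     "data": {"Id": "https://example-vault.vault.azure.net/keys/storage-cmk/<version>",
              "VaultName": "example-vault", "ObjectType": "Key",
              "ObjectName": "storage-cmk", "Version": "<version>",
              "NBF": None, "EXP": 1624096800}},
    {"id": "constructed-2", "subject": "storage-cmk",
     "eventType": "Microsoft.KeyVault.KeyNewVersionCreated",
     "eventTime": "2021-05-20T10:05:00Z",
     "data": {"VaultName": "example-vault", "ObjectType": "Key",
              "ObjectName": "storage-cmk", "EXP": 1624096800}},
])


def reminders(delivery_json, now):
    """Return one reminder dict per near-expiry event in an Event Grid delivery."""
    found = []
    for event in json.loads(delivery_json):
        if event.get("eventType") not in NEAR_EXPIRY_TYPES:
            continue  # e.g. new-version events must not send a reminder
        data = event.get("data") or {}
        exp = data.get("EXP")
        if exp is None:
            continue  # object has no expiry date set
        expires = datetime.fromtimestamp(exp, tz=timezone.utc)
        found.append({
            "vault": data.get("VaultName"),
            "object_type": data.get("ObjectType"),
            "name": data.get("ObjectName"),
            "expires": expires.isoformat(),
            "days_left": (expires - now).days,
        })
    return found


if __name__ == "__main__":
    for r in reminders(SAMPLE_DELIVERY, datetime.now(timezone.utc)):
        print(f"{r['object_type']} {r['name']} in {r['vault']} expires {r['expires']}")
```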