Ansalizz-2815 asked:

Enable Logging for Each New DTL Key Vault

Hi there--new to Azure DevTest Labs (DTL),

I know that DTL creates a new key vault for any user who stores secrets.

For security purposes, I would like to enable logging for each new key vault created by DTL (who accessed the key vault and when, etc). We have been doing this manually for key vaults that we create ourselves by creating a storage account for a given region, enabling diagnostic auditing for the given key vault, and then directing the generated logs to be stored in the storage account with the corresponding region.

My question is: is there a way to automatically configure settings like this for the key vaults created by DTL?

If not, and we have to create our own tooling, is there some sort of alerting that exists that can notify us whenever DTL creates a new key vault in a subscription? That way, we can trigger enabling logging ourselves without constantly polling for new key vaults.

I would appreciate any help you can give :)

azure-devtestlabs

1 Answer

Monalla-MSFT answered:

Hello Ansalizz,

Thank you for reaching out to us, and sorry for the delay in response.

Short answer: There is no way to automatically configure settings for the key vaults DTL creates today, as you will not have access to the Key Vault at creation.

However, yes, there may be a way, using Event Grid, to notify you when the Key Vault is created.

I hope this information helps.

Please take a moment to "Mark as Answer" and/or "Vote as Helpful" wherever applicable. Thanks!

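Added example, not part of the original question or answer: a sketch of the handler logic behind the Event Grid approach, which filters subscription-level `Microsoft.Resources.ResourceWriteSuccess` events down to Key Vault writes and builds the `AuditEvent` diagnostic-settings request pointing at the storage account for the vault's region. The `region_of` lookup, the region-to-storage map, the setting name `audit-to-storage`, and every ID in the sample data are assumptions constructed for illustration.

```python
import re

# Matches a vault resource ID itself, not child resources (secrets, access policies).
VAULT_ID = re.compile(
    r"^/subscriptions/[^/]+/resourceGroups/[^/]+"
    r"/providers/Microsoft\.KeyVault/vaults/[^/]+$",
    re.IGNORECASE,
)

def vault_from_event(event):
    """Return the vault resource ID if the event is a successful vault write, else None."""
    if event.get("eventType") != "Microsoft.Resources.ResourceWriteSuccess":
        return None
    data = event.get("data") or {}
    op = (data.get("operationName") or "").lower()
    uri = data.get("resourceUri") or ""
    if op != "microsoft.keyvault/vaults/write" or not VAULT_ID.match(uri):
        return None
    return uri

def plan_audit_logging(event, region_of, storage_by_region):
    """Build the diagnostic-settings request for a written vault, or None if not a vault."""
    vault_id = vault_from_event(event)
    if vault_id is None:
        return None
    # The event carries no location, so the region comes from a caller-supplied
    # lookup (hypothetical helper, e.g. a GET on the vault resource).
    region = region_of(vault_id)
    storage_id = storage_by_region.get(region)
    if storage_id is None:
        raise LookupError(f"no log storage account configured for region {region!r}")
    return {
        "target": vault_id + "/providers/Microsoft.Insights/diagnosticSettings/audit-to-storage",
        "body": {"properties": {
            "storageAccountId": storage_id,
            "logs": [{"category": "AuditEvent", "enabled": True}],
        }},
    }

# Constructed sample data: placeholder subscription, resource group and names.
SUB = "00000000-0000-0000-0000-000000000000"
VAULT = f"/subscriptions/{SUB}/resourceGroups/example-rg/providers/Microsoft.KeyVault/vaults/examplevault"
SAMPLE_EVENT = {
    "eventType": "Microsoft.Resources.ResourceWriteSuccess",
    "data": {"operationName": "Microsoft.KeyVault/vaults/write", "resourceUri": VAULT},
}
STORAGE_BY_REGION = {"eastus": f"/subscriptions/{SUB}/resourceGroups/logs-rg"
                     "/providers/Microsoft.Storage/storageAccounts/auditlogseastus"}
```

`ResourceWriteSuccess` is raised for updates as well as creations, so the same vault can arrive more than once; sending the request as a PUT to the target keeps repeated handling harmless.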