nimishmehta8779-7855 asked ·

Not able to enforce Azure Policy for Key Vault

I am trying to implement an Azure custom policy for Key Vault where I want to force users to set nbf and exp; without them it shouldn't be allowed. It directly comes up as compliant without showing any resource validation. There is also no reference to it in the activity logs and events in Azure Policy and Key Vault.

"policyRule": {
  "if": {
    "allOf": [
      {
        "field": "type",
        "equals": "Microsoft.KeyVault/vaults"
      },
      {
        "anyOf": [
          {
            "field": "Microsoft.KeyVault/vaults/secrets/attributes.enabled",
            "notEquals": "true"
          },
          {
            "field": "Microsoft.KeyVault/vaults/secrets/attributes.nbf",
            "equals": "null"
          },
          {
            "field": "Microsoft.KeyVault/vaults/secrets/attributes.exp",
            "equals": "null"
          }
        ]
      }
    ]
  },
  "then": {
    "effect": "Deny"
  }
}
azure-policy
1 comment

Hi @nimishmehta8779-7855, as this is a custom policy, the best channel to assist will be our Azure technical support. Requests for technical support require a support plan.
If you do not have a support plan, send mail to AzCommunity@microsoft.com including your subscription ID and a link to this post/thread for reference and we will gladly assist you further.

Also wanted to confirm your customization is based on the Azure Policy integration with Key Vault described here.

Looking forward to your response,

Cheers.



1 Answer

KenievaMSFT-5537 answered ·

Key Vault keys and secrets are currently not available for enforcement. Built-in policies will be available in the next month or so. Custom policies don't have an ETA at the moment.

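Because the answer says secrets cannot be enforced at deny time, the three conditions in the question's rule can instead be checked after the fact. The following is an added example, not part of the original thread and not Microsoft's code: it audits a constructed listing that is assumed to follow the shape of the Key Vault REST "list secrets" response (the vault URL, secret names and timestamps are made up).

```python
import json

# Constructed sample in the assumed shape of a Key Vault "list secrets"
# response; vault and secret names are made up, nbf/exp are Unix timestamps.
SAMPLE = json.loads("""
{"value": [
  {"id": "https://example-vault.vault.azure.net/secrets/db-password",
   "attributes": {"enabled": true, "nbf": 1700000000, "exp": 1731536000}},
  {"id": "https://example-vault.vault.azure.net/secrets/api-token",
   "attributes": {"enabled": true, "exp": 1731536000}},
  {"id": "https://example-vault.vault.azure.net/secrets/legacy-key",
   "attributes": {"enabled": false, "nbf": null}},
  {"id": "https://example-vault.vault.azure.net/secrets/no-attrs"}
]}
""")


def violations(secret):
    """Return the reasons a secret item would match the rule's anyOf block."""
    attrs = secret.get("attributes") or {}
    reasons = []
    # "attributes.enabled notEquals true": this script treats a missing
    # flag the same as false.
    if attrs.get("enabled") is not True:
        reasons.append("not enabled")
    # "attributes.nbf / exp equals null": absent and JSON null both count.
    for field in ("nbf", "exp"):
        if attrs.get(field) is None:
            reasons.append(f"{field} not set")
    return reasons


def audit(listing):
    """Map secret id -> list of reasons, for non-compliant secrets only."""
    report = {}
    for secret in listing.get("value", []):
        reasons = violations(secret)
        if reasons:
            report[secret["id"]] = reasons
    return report


if __name__ == "__main__":
    for secret_id, reasons in audit(SAMPLE).items():
        print(f"{secret_id}: {', '.join(reasons)}")
```
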