turbot/azure

steampipe plugin install azure

Table: azure_compute_disk_encryption_set

A disk encryption set simplifies key management for managed disks. When a disk encryption set is created, a system-assigned managed identity is created in Azure Active Directory (AD) and associated with the disk encryption set.

Examples

Key vault associated with each disk encryption set

select
  name,
  split_part(active_key_source_vault_id, '/', 9) as vault_name,
  split_part(active_key_url, '/', 5) as key_name
from
  azure_compute_disk_encryption_set;

List of encryption sets which are not using a customer-managed key

select
  name,
  encryption_type
from
  azure_compute_disk_encryption_set
where
  (
    encryption_type <> 'EncryptionAtRestWithPlatformAndCustomerKeys'
    and encryption_type <> 'EncryptionAtRestWithCustomerKey'
  );

Identity info of each disk encryption set

select
  name,
  identity_type,
  identity_principal_id,
  identity_tenant_id
from
  azure_compute_disk_encryption_set;
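
Review listing for each disk encryption set

The following query is an added example, not part of the plugin's documentation. It combines the three checks above into one listing using only columns of this table, and it assumes the Key Vault key URL layout `https://<vault-host>/keys/<name>/<version>`, so the sixth `/`-separated segment is the key version.

```sql
-- Added example (not from the plugin documentation).
-- Assumption: active_key_url looks like https://<vault-host>/keys/<name>/<version>;
-- segment 6 is then the key version and is empty for a versionless key URL.
select
  name,
  resource_group,
  region,
  encryption_type,
  -- coalesce() so a NULL encryption_type is reported as "no customer key";
  -- a plain <> comparison silently drops NULL rows.
  coalesce(
    encryption_type in (
      'EncryptionAtRestWithCustomerKey',
      'EncryptionAtRestWithPlatformAndCustomerKeys'
    ),
    false
  ) as uses_customer_key,
  split_part(active_key_source_vault_id, '/', 9) as vault_name,
  split_part(active_key_url, '/', 5) as key_name,
  -- NULL when the URL carries no version segment.
  nullif(split_part(active_key_url, '/', 6), '') as pinned_key_version,
  -- previous_keys is only populated while a key rotation is in progress;
  -- guard against NULL or non-array values before taking the length.
  case
    when jsonb_typeof(previous_keys) = 'array'
      then jsonb_array_length(previous_keys)
    else 0
  end as previous_key_count,
  identity_type,
  identity_principal_id,
  provisioning_state
from
  azure_compute_disk_encryption_set
order by
  uses_customer_key,  -- sets without a customer-managed key sort first
  name;
```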

.inspect azure_compute_disk_encryption_set

Azure Compute Disk Encryption Set

| Name | Type | Description |
|------|------|-------------|
| active_key_source_vault_id | text | Resource id of the KeyVault containing the key or secret |
| active_key_url | text | Url pointing to a key or secret in KeyVault |
| akas | jsonb | Array of globally unique identifier strings (also known as) for the resource. |
| encryption_type | text | Contains the type of the encryption |
| id | text | The unique id identifying the resource in subscription |
| identity_principal_id | text | The object id of the Managed Identity Resource |
| identity_tenant_id | text | The tenant id of the Managed Identity Resource |
| identity_type | text | The type of Managed Identity used by the DiskEncryptionSet |
| name | text | The friendly name that identifies the disk encryption set |
| previous_keys | jsonb | A list of key vault keys previously used by this disk encryption set while a key rotation is in progress |
| provisioning_state | text | The disk encryption set provisioning state |
| region | text | The Azure region/location in which the resource is located. |
| resource_group | text | The resource group which holds this resource. |
| subscription_id | text | The Azure Subscription ID in which the resource is located. |
| tags | jsonb | A map of tags for the resource. |
| title | text | Title of the resource. |
| type | text | The type of the resource in Azure |