Table: azure_key_vault_deleted_vault - Query Azure Key Vaults using SQL
Azure Key Vault is a cloud service for securely storing and accessing secrets. A secret is anything that you want to tightly control access to, such as API keys, passwords, certificates, or cryptographic keys. Azure Key Vault handles requesting and renewing Transport Layer Security (TLS) certificates.
Table Usage Guide
The `azure_key_vault_deleted_vault` table provides insights into the deleted vaults within Azure Key Vault. As a security analyst, explore vault-specific details through this table, including deletion dates, recovery levels, and associated metadata. Utilize it to uncover information about deleted vaults, such as their scheduled purge dates, recovery ids, and the geographical location of the vaults.
Examples
Basic info
Discover the vaults that have been deleted from Azure Key Vault, including when they were deleted and when they are scheduled for permanent removal. This can be useful for auditing purposes, ensuring data integrity, and managing your digital assets.
```sql
select
  name,
  id,
  type,
  deletion_date,
  scheduled_purge_date
from
  azure_key_vault_deleted_vault;
```
List deleted vaults with scheduled purge date more than 1 day
Explore which Azure Key Vaults have been deleted but are scheduled for purge after more than one day. This can be useful for reviewing and managing your data retention and recovery strategies.
```sql
-- PostgreSQL
select
  name,
  id,
  type,
  deletion_date,
  scheduled_purge_date
from
  azure_key_vault_deleted_vault
where
  scheduled_purge_date > (current_date - interval '1' day);
```

```sql
-- SQLite
select
  name,
  id,
  type,
  deletion_date,
  scheduled_purge_date
from
  azure_key_vault_deleted_vault
where
  date(scheduled_purge_date) > date('now', '-1 day');
```
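As an added example (not part of the original table documentation), the following PostgreSQL query triages deleted vaults by how much of their recovery window remains, so vaults closest to permanent purge are reviewed first. The 7-day threshold and the `recovery_status` labels are assumptions chosen for illustration; only columns listed in the schema below are used.

```sql
-- Added example: rank deleted vaults by remaining recovery window.
-- The 7-day threshold and the status labels are illustrative assumptions.
select
  name,
  region,
  subscription_id,
  vault_id,
  deletion_date,
  scheduled_purge_date,
  -- Total soft-delete retention applied to this vault.
  scheduled_purge_date - deletion_date as retention_window,
  -- Time left before the vault can no longer be recovered (never negative).
  greatest(scheduled_purge_date - now(), interval '0') as time_until_purge,
  case
    when scheduled_purge_date <= now() then 'purge due'
    when scheduled_purge_date <= now() + interval '7 days' then 'purges within 7 days'
    else 'recoverable'
  end as recovery_status
from
  azure_key_vault_deleted_vault
order by
  scheduled_purge_date;
```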
Schema for azure_key_vault_deleted_vault
Name | Type | Operators | Description |
---|---|---|---|
_ctx | jsonb | | Steampipe context in JSON form. |
akas | jsonb | | Array of globally unique identifier strings (also known as) for the resource. |
cloud_environment | text | | The Azure Cloud Environment. |
deletion_date | timestamp with time zone | | The deleted date of the vault. |
id | text | | Contains ID to identify a deleted vault uniquely. |
name | text | = | The friendly name that identifies the deleted vault. |
region | text | = | The Azure region/location in which the resource is located. |
resource_group | text | | The resource group which holds this resource. |
scheduled_purge_date | timestamp with time zone | | The scheduled purged date of the vault. |
sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
sp_ctx | jsonb | | Steampipe context in JSON form. |
subscription_id | text | =, !=, ~~, ~~*, !~~, !~~* | The Azure Subscription ID in which the resource is located. |
tags | jsonb | | A map of tags for the resource. |
title | text | | Title of the resource. |
type | text | | Type of the resource. |
vault_id | text | | The resource id of the original vault. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the `steampipe_export_installer.sh` script:

```sh
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- azure
```
You can pass the configuration to the command with the `--config` argument:

```sh
steampipe_export_azure --config '<your_config>' azure_key_vault_deleted_vault
```