turbot/azure

steampipe plugin install azure

Table: azure_key_vault_key

Azure Key Vault keys are cryptographic keys used to encrypt information without releasing the private key to the consumer. Key Vault acts like a black box that encrypts and decrypts content using the RSA algorithm, which involves a public key and a private key.

Examples

Basic info

select
  name,
  vault_name,
  enabled,
  created_at,
  updated_at,
  key_type,
  location
from
  azure_key_vault_key;

List disabled keys

select
  name,
  vault_name,
  enabled
from
  azure_key_vault_key
where
  not enabled;

List keys with no expiration time set

select
  name,
  enabled,
  expires_at
from
  azure_key_vault_key
where
  expires_at is null;

List keys which have never been updated

select
  name,
  enabled,
  created_at,
  updated_at
from
  azure_key_vault_key
where
  enabled
  and age(updated_at, created_at) = '00:00:00';

Count the number of keys by key vault

select
  vault_name,
  count(vault_name) as count
from
  azure_key_vault_key
group by
  vault_name;
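
Review enabled keys for expiry and purge-protection findings

This query is an added example, not part of the plugin's own documentation. It combines the expires_at and recovery_level columns of this table into one review list; the 30-day warning window is an assumed threshold, not a value from this page.

```sql
-- Added example: one row per enabled key with at least one finding.
-- Assumption: 30 days is the rotation warning window; adjust to your policy.
select
  name,
  vault_name,
  key_type,
  expires_at,
  recovery_level,
  case
    when expires_at is null then 'no expiration set'
    when expires_at < now() then 'expired but still enabled'
    when expires_at < now() + interval '30 days' then 'expires within 30 days'
    else 'ok'
  end as expiry_status,
  -- A recovery level containing 'Purgeable' means a privileged user
  -- can permanently delete the key (see the recovery_level column).
  coalesce(recovery_level, '') like '%Purgeable%' as purgeable
from
  azure_key_vault_key
where
  enabled
  and (
    expires_at is null
    or expires_at < now() + interval '30 days'
    or coalesce(recovery_level, '') like '%Purgeable%'
  )
order by
  vault_name,
  name;
```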

.inspect azure_key_vault_key

Azure Key Vault Key

| Name | Type | Description |
| --- | --- | --- |
| akas | jsonb | Array of globally unique identifier strings (also known as) for the resource. |
| created_at | timestamp without time zone | Specifies the time when the key is created. |
| curve_name | text | The elliptic curve name. Possible values are: 'P256', 'P384', 'P521', 'P256K'. |
| enabled | boolean | Indicates whether the key is enabled, or not. |
| expires_at | timestamp without time zone | Specifies the time when the key will expire. |
| id | text | Contains ID to identify a key uniquely. |
| key_ops | jsonb | A list of key operations. |
| key_size | bigint | The key size in bits. |
| key_type | text | The type of the key. Possible values are: 'EC', 'ECHSM', 'RSA', 'RSAHSM'. |
| key_uri | text | The URI to retrieve the current version of the key. |
| key_uri_with_version | text | The URI to retrieve the specific version of the key. |
| location | text | Azure location of the key vault resource. |
| name | text | The friendly name that identifies the key. |
| not_before | timestamp without time zone | Specifies the time before which the key is not usable. |
| recovery_level | text | The deletion recovery level currently in effect for the object. If it contains 'Purgeable', then the object can be permanently deleted by a privileged user; otherwise, only the system can purge the object at the end of the retention interval. |
| region | text | The Azure region/location in which the resource is located. |
| resource_group | text | The resource group which holds this resource. |
| subscription_id | text | The Azure Subscription ID in which the resource is located. |
| tags | jsonb | A map of tags for the resource. |
| title | text | Title of the resource. |
| type | text | Type of the resource. |
| updated_at | timestamp without time zone | Specifies the time when the key was last updated. |
| vault_name | text | The friendly name that identifies the vault. |