Azure Key Vault Governance using Azure Policy

  • Secrets (e.g., passwords) must be rotated every 90 days: every secret gets an expiry date no more than 90 days out.
  • A mechanism to notify the owning team when a secret expires in 7 days.
  • Only HSM-backed key types are allowed for encryption: RSA-HSM or EC-HSM.
  • Keys must have a minimum key size.
  • A key's validity period is at most 180 days.
  • Certificates may be issued only by a specific, approved certificate authority.
  • Certificates expire after 365 days.
  • A mechanism to notify the owning team when a certificate expires in 30 days.

Azure Policy can enforce each of these rules with one of two effects:

  • Deny: a deny policy blocks the creation of a non-compliant item outright. For example, a request to create a key in Azure Key Vault that is below the minimum key size is rejected.
  • Audit: an audit policy allows a non-compliant item to be created but records it as non-compliant; that compliance event can then be used to alert another system or a group of people.
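Added example (not code from the original post): an Azure Policy definition that expresses the HSM-only key type rule and the minimum key size rule above, with the effect as a parameter so the same definition can be assigned as Audit first and switched to Deny later. It uses the Microsoft.KeyVault.Data mode and the keyType and rsaKeySize aliases that Microsoft's built-in Key Vault key policies use; the display name, parameter names and default values are my own choices, and the aliases should be checked against the current built-in definitions before use.

```json
{
  "properties": {
    "displayName": "Key Vault keys must be HSM-backed and meet the minimum RSA key size",
    "mode": "Microsoft.KeyVault.Data",
    "description": "Audits or denies keys that are not RSA-HSM/EC-HSM, and RSA keys below the minimum size.",
    "metadata": {
      "category": "Key Vault",
      "note": "Example definition written for this article, not a Microsoft built-in; verify aliases before assigning."
    },
    "parameters": {
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "Effect",
          "description": "Audit records non-compliance; Deny blocks the create or import request."
        },
        "allowedValues": ["Audit", "Deny", "Disabled"],
        "defaultValue": "Audit"
      },
      "allowedKeyTypes": {
        "type": "Array",
        "metadata": {
          "displayName": "Allowed key types",
          "description": "Key types that may be created. Default restricts to HSM-backed types only."
        },
        "allowedValues": ["RSA", "RSA-HSM", "EC", "EC-HSM"],
        "defaultValue": ["RSA-HSM", "EC-HSM"]
      },
      "minimumRSAKeySize": {
        "type": "Integer",
        "metadata": {
          "displayName": "Minimum RSA key size (bits)",
          "description": "RSA keys smaller than this are non-compliant."
        },
        "allowedValues": [2048, 3072, 4096],
        "defaultValue": 3072
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          { "field": "type", "equals": "Microsoft.KeyVault.Data/vaults/keys" },
          {
            "anyOf": [
              {
                "field": "Microsoft.KeyVault.Data/vaults/keys/keyType",
                "notIn": "[parameters('allowedKeyTypes')]"
              },
              {
                "allOf": [
                  {
                    "field": "Microsoft.KeyVault.Data/vaults/keys/keyType",
                    "in": ["RSA", "RSA-HSM"]
                  },
                  {
                    "field": "Microsoft.KeyVault.Data/vaults/keys/rsaKeySize",
                    "less": "[parameters('minimumRSAKeySize')]"
                  }
                ]
              }
            ]
          }
        ]
      },
      "then": { "effect": "[parameters('effect')]" }
    }
  }
}
```

Assign it at subscription or management-group scope with effect left at Audit to get a compliance picture of the keys that already exist, then set effect to Deny once those keys have been rotated. With Deny, a request to create or import a software-protected key or a 2048-bit RSA key fails at request time; with Audit the key is created and only marked non-compliant, which is the event an alerting rule would watch for.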

Technology enthusiast who runs away from stupidity and enjoys the simple life of the cloud era. Speaker, traveler and crafter, he is a wine and coffee lover.
Radu Vunvulea