Automate key rotation for Azure resources

Tushar 1 Reputation point
2021-02-23T10:15:39.827+00:00

I want to create a function that can automate the rotation of keys when they are about to expire in Key Vault.

Basically, I want that when a key is about to expire in Key Vault, it generates an event which in turn regenerates the key for the specific resource and rotates the secret in Key Vault, hence making it automatic.

I need the code in C# for all Azure resources.


1 answer

  1. JamesTran-MSFT 36,361 Reputation points Microsoft Employee
    2021-02-25T19:18:48.477+00:00

    @Tushar
    Thank you for your time and patience throughout this issue! I received a response from our engineering team and will post their update below.

    Update:
    As of right now, we don't plan to build those functions for all providers. In recent revisions we actually switched to PowerShell, since it provides more flexibility in editing/debugging right from the Portal. Our current strategy is to provide a few examples and the template for either customers, the open source community or individual RP engineers to create.

    We do have a few ready-to-use functions, which can be found in our open source community (Redis, Storage, CosmosDB and template).

    Video of automating secret rotation in Azure Key Vault:
    https://www.youtube.com/watch?v=qcdVbXJ7e-4&feature=youtu.be

    Disclaimer:
    Each application is licensed to you by its owner (which may or may not be Microsoft) under the agreement which accompanies the application. Microsoft is not responsible for any non-Microsoft code and does not screen for security, compatibility, or performance. The applications are not supported by any Microsoft support program or service. The applications are provided AS IS without warranty of any kind.

    Since we currently don't have any C# examples or documentation, I'd recommend creating a feature request by leveraging our User Voice forum so our engineering team can look into implementing this.

    If you have any other questions, please let me know.
    Thank you for your time and patience throughout this issue.

    ----------

    Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.
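
The flow asked about in the question (near-expiry event, regenerate the resource key, store it as a new secret version), as an added C# example that is not Microsoft's or the answerer's code. It assumes the Azure.Identity and Azure.Security.KeyVault.Secrets packages, a public-cloud vault URL, three secret tag names chosen for this example, and a hypothetical `regenerateKey` delegate that wraps the resource provider's own key-regeneration call.

```csharp
using System;
using System.Collections.Generic;
using Azure.Identity;
using Azure.Security.KeyVault.Secrets;

public static class SecretRotator
{
    // ASSUMPTION: tag names linking a secret to the resource key it holds.
    const string CredentialIdTag = "CredentialId";        // "key1" or "key2"
    const string ProviderAddressTag = "ProviderAddress";  // resource ID owning the key
    const string ValidityDaysTag = "ValidityPeriodDays";

    // Two-key resources: regenerate the key that clients are NOT using right now,
    // so consumers of the current secret version keep working during rotation.
    public static string AlternateOf(string credentialId) =>
        credentialId?.ToLowerInvariant() switch
        {
            "key1" => "key2",
            "key2" => "key1",
            _ => throw new ArgumentException($"Unknown credential id '{credentialId}'")
        };

    // Call from an Event Grid-triggered function handling
    // Microsoft.KeyVault.SecretNearExpiry, passing VaultName and ObjectName
    // from the event data. regenerateKey(providerAddress, credentialId) is a
    // hypothetical delegate returning the newly generated key value.
    public static void Rotate(string vaultName, string secretName,
                              Func<string, string, string> regenerateKey)
    {
        // ASSUMPTION: public Azure cloud DNS suffix.
        var client = new SecretClient(new Uri($"https://{vaultName}.vault.azure.net"),
                                      new DefaultAzureCredential());
        KeyVaultSecret current = client.GetSecret(secretName);
        IDictionary<string, string> tags = current.Properties.Tags;

        if (!tags.TryGetValue(CredentialIdTag, out var credentialId) ||
            !tags.TryGetValue(ProviderAddressTag, out var provider) ||
            !int.TryParse(tags.TryGetValue(ValidityDaysTag, out var d) ? d : null, out var days))
            throw new InvalidOperationException($"Secret '{secretName}' lacks rotation tags");

        string nextId = AlternateOf(credentialId);
        var next = new KeyVaultSecret(secretName, regenerateKey(provider, nextId));
        next.Properties.ExpiresOn = DateTimeOffset.UtcNow.AddDays(days);
        next.Properties.Tags[CredentialIdTag] = nextId;
        next.Properties.Tags[ProviderAddressTag] = provider;
        next.Properties.Tags[ValidityDaysTag] = days.ToString();
        client.SetSecret(next);  // new version with fresh expiry; never log the value
    }
}
```

The function's identity needs only Get and Set on secrets in the vault plus the key-regeneration permission on the target resource, which keeps the rotation path least-privileged.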