Azure Key Vault
An Azure service that is used to manage and protect cryptographic keys and other secrets used by cloud apps and services.
705 questions
This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
As per the Microsoft documentation (https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/resource-logs-categories#microsoftkeyvaultmanagedhsms), Microsoft.KeyVault/managedHSM support integration with diagnostic settings by logging AuditEvents, something like:
resource mhsmsDiagnosticSettings 'Microsoft.Insights/diagnosticSettings@2017-05-01-preview' = [for i in range(0, managedHSMCount): {
name: 'mhsm-diagnostics'
scope: mhsms[i] // array of Microsoft.KeyVault/managedHSMs@2021-10-01
properties: {
eventHubAuthorizationRuleId: eventHubAuthorizationRuleId
eventHubName: eventHubName
metrics: [
{
category: 'AllMetrics'
enabled: true
}
]
// https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/resource-logs-categories#microsoftkeyvaultmanagedhsms
logs: [
{
category: 'AuditEvent'
enabled: true
retentionPolicy: {
days: 5
enabled: true
}
}
]
}
}]
My question here is: do we have any plan to allow filtering the Audit Events allowed to log? Currently they are overloading my logs with a lot of stuff that I would like to ignore.