This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(144, 25%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPM%3C/text%3E%3C/svg%3E)
we are looking for a mechanism to alert on Keyvault Key\Secret\Certificate when it is nearby expiry without using any automation(runbook\Webhook)
is there any possibility?
Hi Prashanth,
Take a look at this post, it mentions there are already built in methods for notification of expired keys.
Regards,
Hi David,
thanks for quick response, can we deploy policy and create alerts?
we have verified Event grid option, but it needs webhook, we are looking for an option to alert us without any script or Automation related task.
Thank you for your post and I apologize for the delayed response!
I understand that you're trying to create alerts based off a Certificate's expiration date without having to use any automation such as a runbook, webhook, etc. To hopefully help point you in the right direction or resolve your issue, I'll share my findings below.
Findings:
You can automate alerts without the need for additional automation resources (i.e. runbook/webhook) by adding certificate contact(s) to your Key Vault and configuring notifications for certificate life events.
Note: The contact's information is shared by all the certificates in the key vault and a notification is sent to all the specified contacts for an event for any certificate in the key vault.Get notified about certificate expiration:
Note: For existing Certificates, you'll need to manually update the Issuance Policy from Automatic to Email.If a certificate's policy is set to auto renewal, then a notification is sent on the following events:
When a certificate policy is set to be manually renewed (email only), a notification is sent when it's time to renew the certificate.
Additional Links:
I hope this helps!
If you have any other questions, please let me know. Thank you for your time and patience throughout this issue.
If the information helped address your question, please Accept the answer. This will help us and also improve searchability for others in the community who might be researching similar information.
I wanted to check in and see if you had any other questions or if you were able to resolve this issue?
If you have any other questions, please let me know. Thank you for your time and patience throughout this issue.
If the information helped address your question, please Accept the answer. This will help us and also improve searchability for others in the community who might be researching similar information.
@JamesTran-MSFT thanks for your help, need some more time to confirm while I am validating.
https://learn.microsoft.com/en-us/azure/key-vault/general/event-grid-logicapps
I tried using Logic app's but did not receive any email.
Validated the process twice, pre-req all looks good.
Thank you for following up on this!
To gain a better understanding of your issue and why your Logic App didn't send an email:
Since you're internal to Microsoft, I'd also recommend reaching out to our Key Vault team directly via their distribution list or Teams Channel so their experts can also take a closer look into your issue.
If you have any other questions, please let me know. Thank you for your time and patience throughout this issue.
have created two different Logic app's to see any settings are misconfigured but no luck.
not sure where should I check for errors.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(227.2, 81%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGO%3C/text%3E%3C/svg%3E)
Hi Team,
What is the privilege's required to create logic app in azure ?
Iam getting error while creating connection with my id
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(48, 7.000000000000001%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERY%3C/text%3E%3C/svg%3E)
Certificates have an issuance policy, but secrets have not. If you want this on secrets, this blog post can work for it. I have not tried this from end to end, but I succeeded in query SecretNearExpiry operation in the log analytics workspace. This is promising: https://medium.com/version-1/azure-key-vault-secret-expiry-notifications-using-azure-alerts-e6930d3f135d