Enable Logging for Each New DTL Key Vault

Ansalizz 21 Reputation points
2020-01-11T00:45:22.353+00:00

Hi there--new to Azure DevTest Labs (DTL),

I know that DTL creates a new key vault for any user who stores secrets.

For security purposes, I would like to enable logging for each new key vault created by DTL (who accessed the key vault and when, etc). We have been doing this manually for key vaults that we create ourselves by creating a storage account for a given region, enabling diagnostic auditing for the given key vault, and then directing the generated logs to be stored in the storage account with the corresponding region.

My question is: is there a way to automatically configure settings like this for the key vaults created by DTL?

If not, and we have to create our own tooling, is there some sort of alerting that exists that can notify us whenever DTL creates a new key vault in a subscription? That way, we can trigger enabling logging ourselves without constantly polling for new key vaults.

I would appreciate any help you can give :)

Azure DevTest Labs
Azure DevTest Labs
An Azure service that is used for provisioning development and test environments.
262 questions
0 comments No comments
{count} votes

Accepted answer
  1. Monalla-MSFT 12,761 Reputation points
    2020-01-16T15:06:18.65+00:00

    Hello Ansalizz,

    Thank you for reaching out to us and Sorry for the delay in response.

    Short answer: There is no way to automatically configure settings for the key vaults DTL creates today, as you will not have access to the Key Vault at creation.

    However, yes there may be a way using Event Grid, to notify when the Key Vault is created.

    I hope this information helps.

    Please take a moment to "Mark as Answer" and/or "Vote as Helpful" wherever applicable. Thanks!

    1 person found this answer helpful.
    0 comments No comments

0 additional answers

Sort by: Most helpful