Azure Key Vault gets unexpected requests

Dawid Zyrek 26 Reputation points

Recently, we've created few Key Vaults with using them in future in mind. Right now, no piece of our code uses them, but we've still seen some activity in form of ~50 to 100 requests to those Vaults per day. It was a little odd I thought, so I enabled logging, gathered some of them and unexpectedly - most of those request are done by me. I see a bunch of "VaultGet" operations with my identity as a caller. I assume that means those logs come from actions on vault in right?

Azure Key Vault
Azure Key Vault
An Azure service that is used to manage and protect cryptographic keys and other secrets used by cloud apps and services.
706 questions
No comments
{count} votes

Accepted answer
  1. JamesTran-MSFT 27,501 Reputation points Microsoft Employee

    @Dawid Zyrek
    Thank you for the detailed post!

    If you're the only user allowed access to the Key Vault via the Access Policies and have only been accessing the Key Vault via the Azure Portal, those logs should only be actions from the Portal. If you've ever used the Azure Key Vault REST API to access the key vault, I wasn't able to find any distinction between the two VaultGet calls, when reviewing the logs since the Azure Portal uses the REST API calls as well.

    If you'd like to provide some sort of distinction when reviewing logs, you can leverage other Key Vault authentication options such as application-only, using another user, or the Application-plus-user (sometimes referred as compound identity).

    Example of compound identity:
    The user is required to access the key vault from a specific application and the application must use the on-behalf-of authentication (OBO) flow to impersonate the user.

    Additional Link:
    The Key Vault request operation flow with authentication

    If you have any other questions, please let me know.
    Thank you for your time and patience throughout this issue.


    Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.

    1 person found this answer helpful.

0 additional answers

Sort by: Most helpful