Currently certificates management supports email notification when certificates are expiring. Wouldn't it be great to have the same functionality for keys and secrets?193 votes
Key Vault Notification feature is currently in Public Preview and available in all public regions.
Notification overview :
So ideally a user could create a key in a vault then be allowed to navigate to a resources credentials and store the password or username as the key value. This avoids credentials going out if date if users have build an API that calls secrets via AAD tokens. I'd use it for storage accounts,SQL servers etc.2 votes
Make it possible with an ARM template to set an Access Policy for a Application Registration Principal
After submitting a ticket and working with MS Support, I learned that the only way to associate an Access Policy with an AD Registered Application, was to use a 'Hidden Id' for that application. No combination of the Object Id as displayed in the Portal, or the Application Id as displayed in the Portal for that AD application registration, will result in a usable Access Policy (it does not error, and the portal actually shows the policy (though it looks different then one created via the portal), however it will not work when used. As far as I've been able to determine, the only way to obtain this 'hidden id', is using the -PassThru argument while running AzureRmKeyVaultAccessPolicy, which at this point the Key vault must already exist, and it creates the access policy so this is useless for use in an Arm template that you want to create the initial key vault with. If there is some other way to obtain this hidden id, that would be a start, ideally if it was visible from the portal. Ideally, some more intuitive way, such as the ApplicationId that exists in the Arm template (though what it is for I don't know), would of course be better.
I have attached some of the relevant information from the ticket.
After submitting a ticket and working with MS Support, I learned that the only way to associate an Access Policy with an AD Registered Application, was to use a 'Hidden Id' for that application. No combination of the Object Id as displayed in the Portal, or the Application Id as displayed in the Portal for that AD application registration, will result in a usable Access Policy (it does not error, and the portal actually shows the policy (though it looks different then one created via the portal), however it will not work when used. As far as I've been able…18 votes
The individual key vault page shows several key metrics (total requests, average latency, success ratio) and even the "Metrics (preview)" (when accessed via the key vault page) shows the same metrics (albeit with a different name).
However, these metrics cannot be access via the Metrics (either current GA or preview) blade. Nor can they be accessed via the Azure CLI.
It would be useful to be able to correlate key vault metrics with other service metrics (such as app services), to do this it is necessary to have the data accessible via the metrics blade or the CLI.1 vote
When you open a particular secret tab you first need to make it visible and only then you are able to copy the value.
Please add a button to copy the value without showing the value.5 votes
I'm using key vault as a central key/value configuration repository. I have a lot of configuration keys, so navigating the vault has become tricky.
It would be really great if there was some form of cosmetic layer over the top, so that similar items could be grouped, to make navigation easier.47 votes
My coworker sometimes set up Azure Agent Backup, though he does not have azure portal login accont.
So when he set up Azure Agent Backup, I need to download the vault credential and pass it to him every time.
Because of this, my coworker cannot set up Azure Agent Backup when I cannot pass him a vault credential.
So I want to download a vault credential without login to Azure portal.2 votes
If a company has a single KeyVault which holds dev and production keys, as long as you access the keyvault through a valid access policy and key can be used (for the usages mentioned in the access policy).6 votes
currently when delegating permissions to secrets and keys to groups the group name is not published into the "displayname" attribute of the vault key. only the object ID exists. nightmare for role segregation mgmt.1 vote
You can currently backup / restore keys from Keyvault. it would be helpful to be able to provide backup/ restore functionality and roles for Secrets.
the current design assumption is these would also be stored within an on-prem password vault or documentation or equivalent. however operational best practice varies across companies as such a catch all should allow the backup and restore of secrets as you can with KEYS.2 votes
Provide access to the RNG under KeyVault16 votes
In Payment Industry, cryptographic keys that are used to encrypt PIN from credit/debit cards are TripleDES (sometimes with DUKPT) based. Currently, KeyVault only support RSA keys.
Please add support to it.75 votes
- Don't see your idea?