Product logo
DocsBlogPricing

@turbot/azure-keyvault

The azure-keyvault mod contains resource, control and policy definitions for Azure Key Vault service.

Version
5.13.0
Released On
Apr 17, 2024
Depends On

Resource Types

Control Types

Policy Types

Release Notes

5.13.0 (2024-04-17)

What's new?

  • You can now configure expiration for secrets. To get started, set the Azure > Key Vault > Secret > Expiration > * policies.

Control Types

  • Azure > Key Vault > Key > Expiration
  • Azure > Key Vault > Secret > Expiration

Policy Types

  • Azure > Key Vault > Key > Expiration
  • Azure > Key Vault > Key > Expiration > Days [Default]
  • Azure > Key Vault > Secret > Expiration
  • Azure > Key Vault > Secret > Expiration > Days [Default]

Action Types

  • Azure > Key Vault > Key > Set Expiration
  • Azure > Key Vault > Secret > Set Expiration

5.12.0 (2024-02-05)

What's new?

  • We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

5.11.0 (2023-06-16)

What's new?

  • Resource's metadata will now also include createdBy details in Turbot CMDB.
  • README.md file is now available for users to check details about the resource types and service permissions that the mod covers.

5.10.0 (2023-05-12)

What's new?

  • CMDB data for Keys now also includes details about the Key's Rotation Policy.

5.9.0 (2023-03-13)

Control Types

  • Azure > Key Vault > Vault > Purge Protection

Policy Types

  • Azure > Key Vault > Vault > Purge Protection

Action Types

  • Azure > Key Vault > Vault > Update Purge Protection

5.8.1 (2022-10-21)

Bug fixes

  • We've updated the runtime of the lambda functions to node 16. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

5.8.0 (2022-02-17)

What's new?

  • Users can now create their own custom checks against resource attributes in the Approved control using the Approved > Custom policy. These custom checks would be a part of the evaluation of the Approved control. Custom messages can also be added which are then displayed in the control details table. See Custom Checks for more information.

Bug fixes

  • We've improved the process of deleting resources from Guardrails if their CMDB policy was set to Enforce: Disabled. The CMDB controls will now not look to resolve credentials via Guardrails' IAM role while deleting resources from Turbot. This will allow the CMDB controls to process resource deletions from Guardrails more reliably than before.

Policy Types

  • Azure > Key Vault > Key > Approved > Custom
  • Azure > Key Vault > Secret > Approved > Custom
  • Azure > Key Vault > Vault > Approved > Custom

5.7.0 (2021-08-17)

What's new?

  • We've improved the details tables in the Tags controls to be more helpful, especially when a resource's tags are not set correctly as expected. Previously, to understand why the Tags controls were in an Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.

Bug fixes

  • We've made a few improvements in the GraphQL queries for various router actions. You won't notice any difference, but things should run lighter and quicker than before.

5.6.0 (2021-04-15)

What's new?

  • We've improved the state reasons and details tables in various Approved and Active controls to be more helpful, especially when a resource is unapproved or inactive. Previously, to understand why one of these controls is in Alarm state, you would need to find and read the control's process logs. This felt like too much work for a simple task, so now these details are visible directly from the control page.

Bug fixes

  • The Azure > Keyvault > Secret > CMDB control would go into an error state if the creation date of the secret was unavailable in its CMDB data. This issue has now been fixed.

5.5.3 (2021-01-22)

Bug fixes

  • Controls run faster now when in the tbd and skipped states thanks to the new Guardrails Precheck feature (not to be confused with TSA PreCheck). With Guardrails Precheck, controls avoid running GraphQL input queries when in tbd and skipped, resulting in faster and lighter control runs.

5.5.2 (2021-01-16)

Bug fixes

  • The Azure > Key Vault > Key > Discovery, Azure > Key Vault > Key > CMDB, Azure > Key Vault > Secret > Discovery and Azure > Key Vault > Secret > CMDB controls will now automatically re-run every 6 hours instead of 24 to identify and update keys and secrets more frequently since Azure does not currently support real-time events for these resources.

5.5.1 (2020-11-03)

Bug fixes

  • We've updated the Discovery controls for resources to now move to skipped instead of invalid if the provider is disabled in the subscription and the Azure > Provider > {service} > Registered policy is checking if the provider is disabled. This will reduce the amount of noisy controls that cannot be easily resolved without making changes to the provider.

5.5.0 (2020-10-22)

What's new?

  • We've made improvements to how Approved controls interact with CMDB policies and controls for more reliable approved checks. Now, if a resource's CMDB policy is set to Skip, its Approved control will move to invalid to prevent the Approved control from making a decision based on outdated information. Also, Approved controls will now wait until the resource's CMDB control has run at least once to ensure the required data is available.

5.4.0 (2020-10-08)

What's new?

  • We've made improvements to how Active controls interact with CMDB policies and controls for more reliable active checks. Now, if a resource's CMDB policy is set to Skip, its Active control will move to invalid to prevent the Active control from making a decision based on outdated information. Also, Active controls will now wait until the resource's CMDB control has run at least once to ensure the required data is available.

5.3.0 (2020-08-27)

What's new?

  • Discovery controls now have their own control category, CMDB > Discovery, to allow for easier filtering separately from other CMDB controls.
  • We've renamed the service's default regions policy from Regions [Default] to Regions to be consistent with our other regions policies.

5.2.3 (2020-07-24)

Bug fixes

  • When deleting inactive resources through an Active control, different warning periods in days can be set to delay deletion. We recently identified a bug that would cause these warning periods to be ignored, and any inactive resources would be deleted immediately. This bug has been fixed and now all Active controls will abide by the warning period set in the policy value.

5.2.2 (2020-06-04)

What's new?

  • All resource Router actions now run even if Guardrails is outside of its allowed change window. This allows Guardrails to maintain an up-to-date CMDB by handling resource updates at all times. Note that this only affects Guardrails' ability to process resources changes that were made in the cloud provider - enforcement actions are still disabled outside of the change window.

5.2.1 (2020-05-26)

Bug fixes

  • Links to documentation in the descriptions for several controls and policies were broken. These links have now been fixed.