I need to set up an automated solution to keep track of all Key Vault certificates that are nearing their expiration dates. We're managing over 270 Key Vaults across around 70 subscriptions, and I want to generate a weekly report to share with clients that lists these upcoming expirations. Does anyone have suggestions for an efficient approach to achieve this? Also, if you have any best practices or documents that could help, that would be awesome. Thanks in advance!
5 Answers
I'm working on a proof of concept where I've set up a Logic App that runs a PowerShell script, which emails the results. It's a bit rough around the edges, but it’s a good base for gathering the data you need.
You might want to look into assigning a policy in audit mode to keep track of the key vaults. There's a detailed guide available that could be beneficial, though keep in mind that ARG doesn’t support key vault contents directly, which could be a limitation.
I’m currently evaluating using an Automation account and integrating with ServiceNow for ticket creation. It seems to be a solid direction for handling notifications regarding certificate expirations.
That sounds promising! I'd love to see how that pans out.
You can get this info through the Azure API and using batching methods will optimize your performance for checking multiple vaults at once. There’s a tutorial out there that can guide you through this process.
A good place to start is by checking out the Azure documentation on certificate expiration notifications. It explains how to get notified when certificates are close to expiring, which could be very helpful for your automation needs.
Sounds like a good start! Automated emails will definitely help keep everyone informed.