Azure Key Vault is a cloud service for securely storing and accessing secrets.

You must configure cloud connections to monitor this entity. See Configure Azure Cloud Connection.

Cisco Cloud Observability displays Azure entities on the Observe page. Metrics are displayed for specific entity instances in the list and detail views.

This document contains references to third-party documentation. Splunk AppDynamics does not own any rights and assumes no responsibility for the accuracy or completeness of such third-party documentation.

Detail View

To display the detail view for an Azure Key Vault instance:

  1. Navigate to the Observe page.
  2. Under Security, click Azure Key Vaults.
    The list view now displays.
  3. Click an instance Name to display the detail view.
    The detail view displays metrics, key performance indicators, and properties (attributes) related to the instance you selected.

Metrics and Key Performance Indicators 

Cisco Cloud Observability displays the following metrics and key performance indicators (KPIs) for Azure Key Vault. See Supported metrics for Microsoft.KeyVault/vaults.

| Display Name | Source Metric Name | Description |
| --- | --- | --- |
| Overall Vault Availability (%) | Availability | Vault requests availability. |
| Overall Vault Saturation (%) | SaturationShoebox | Vault capacity used. |
| Total Service API Hits (Count) | ServiceApiHit | Number of total service API hits. |
| Overall Service API Latency (ms) | ServiceApiLatency | Overall latency of service API requests. |
| Total Service API Results (Count) | ServiceApiResult | Number of total service API results. |

Properties (Attributes)

Cisco Cloud Observability displays the following properties for Azure Key Vault.

| Display Name | Property Name | Description |
| --- | --- | --- |
| Enable Purge Protection | azure.key_vault.enable_purge_protection | Specifies whether the purge protection is enabled for the key vault. When enabled, the key vault is protected from permanent deletion for a specified retention period. |
| Enable RBAC Authorization | azure.key_vault.enable_rbac_authorization | Specifies whether RBAC authorization should be enabled for the key vault. If set to true, access to the key vault is controlled by Azure Role-Based Access Control. |
| Enable Soft Delete | azure.key_vault.enable_soft_delete | Specifies whether soft delete is enabled for the Key Vault. When soft delete is enabled, deleted vaults are retained for a specified period of time, allowing for recovery of the vault and its contents. |
| Enabled for Deployment | azure.key_vault.enabled_for_deployment | Specifies whether the key vault is enabled for deployment or not. |
| Enabled For Disk Encryption | azure.key_vault.enabled_for_disk_encryption | Indicates whether the key vault is enabled for disk encryption or not. |
| Enabled for Template Deployment | azure.key_vault.enabled_for_template_deployment | Specifies whether the key vault is enabled for deployment using Azure Resource Manager templates. If set to true, the key vault can be included in a template deployment. |
| HSM Pool Resource ID | azure.key_vault.hsm_pool_resource_id | The resource ID of the dedicated hardware security module (HSM) pool associated with the key vault. |
| Network ACLs Bypass | azure.key_vault.network_acls.bypass | Specifies whether to bypass Azure Virtual Network service endpoints and allow public network access to the key vault. Valid values are 'AzureServices' to allow access only from Azure services, and 'None' to block all public network access. |
| Network ACLs Default Action | azure.key_vault.network_acls.default_action | Specifies the default action for network access control lists (ACLs) in the Key Vault. This setting determines whether traffic is allowed or denied by default. |
| Provisioning State | azure.key_vault.provisioning_state | Specifies the provisioning state of the Key Vault. This indicates whether the Key Vault is being created, updated, or deleted. |
| Public Network Access | azure.key_vault.public_network_access | Specifies whether the key vault can be accessed from the public internet. If set to 'Enabled', the key vault can be accessed from the public internet. If set to 'Disabled', the key vault can only be accessed from within the virtual network or through a private endpoint connection. |
| SKU Family | azure.key_vault.sku.family | The family of the SKU that is used for the key vault. This field is used to specify the pricing tier and capabilities of the key vault, such as the maximum number of objects that can be stored. |
| SKU Name | azure.key_vault.sku.name | Specifies the name of the SKU (stock-keeping unit) for the key vault. Possible values include 'Standard' and 'Premium'. |
| Soft Delete Retention In Days | azure.key_vault.soft_delete_retention_in_days | The number of days that deleted objects are retained before they are permanently deleted from the key vault. This field allows objects to be recovered if they were accidentally deleted, and helps to prevent data loss due to accidental deletions. |
| Tenant ID | azure.key_vault.tenant_id | The unique identifier of the Azure Active Directory tenant that owns the Key Vault. |
| Vault URI | azure.key_vault.vault_uri | Specifies the URI (Uniform Resource Identifier) of the key vault. The URI is used to access the key vault and its contents. |
| Name | azure.name | The Resource Name of the Azure Resource. |
| Resource Group | azure.resource.group | The resource group of the Azure Resource. |
| Resource ID | azure.resource.id | The fully qualified ID of the Azure Resource. |
| Account ID | cloud.account.id | The cloud account ID the resource is assigned to. |
| Platform | cloud.platform | The cloud platform in use. |
| Region | cloud.region | The location of the Azure Function resource. |
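
Several of the properties above describe the vault's security posture (soft delete, purge protection, RBAC authorization, network exposure). The following is an added example, not code from Cisco Cloud Observability: a small hardening check over one vault's attributes. It assumes the attributes have been exported as a flat dictionary keyed by the property names in the table, with flags as booleans or "true"/"false" strings and a default action of 'Allow' or 'Deny'; `audit_key_vault`, the 90-day baseline, and the sample data are hypothetical.

```python
# Added example: hardening checks keyed on the attribute names in the table above.
PREFIX = "azure.key_vault."

def _flag(value):
    # Assumption: flags arrive as True/False or as "true"/"false" strings.
    # A missing attribute (None) evaluates to False, so these checks fail closed.
    return value is True or str(value).strip().lower() == "true"

def audit_key_vault(attrs, min_retention_days=90):
    """Return a list of (attribute, finding) tuples for one vault's attributes."""
    get = lambda name: attrs.get(PREFIX + name)
    findings = []

    if not _flag(get("enable_soft_delete")):
        findings.append(("enable_soft_delete", "soft delete is off or not reported"))
    if not _flag(get("enable_purge_protection")):
        findings.append(("enable_purge_protection", "permanent deletion is not blocked"))
    if not _flag(get("enable_rbac_authorization")):
        findings.append(("enable_rbac_authorization", "access is not governed by Azure RBAC"))

    try:
        days = int(get("soft_delete_retention_in_days"))
    except (TypeError, ValueError):
        days = 0  # missing or non-numeric: treat as no retention
    if days < min_retention_days:
        findings.append(("soft_delete_retention_in_days",
                         f"{days} days is below the {min_retention_days}-day baseline"))

    # Public access is a finding only when the network ACLs do not deny by default.
    public = str(get("public_network_access")).lower() == "enabled"
    deny = str(get("network_acls.default_action")).lower() == "deny"
    if public and not deny:
        findings.append(("public_network_access", "public access with no default deny"))
    return findings

# Constructed sample attribute sets (not real vaults).
HARDENED = {PREFIX + k: v for k, v in {
    "enable_soft_delete": True, "enable_purge_protection": True,
    "enable_rbac_authorization": "true", "soft_delete_retention_in_days": 90,
    "public_network_access": "Enabled", "network_acls.default_action": "Deny"}.items()}
WEAK = {PREFIX + k: v for k, v in {
    "enable_soft_delete": "true", "enable_purge_protection": "false",
    "enable_rbac_authorization": False, "soft_delete_retention_in_days": "7",
    "public_network_access": "Enabled", "network_acls.default_action": "Allow"}.items()}

if __name__ == "__main__":
    for label, vault in (("hardened", HARDENED), ("weak", WEAK)):
        print(label, audit_key_vault(vault))
```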

Retention and Purge Time-To-Live (TTL)

For all cloud and infrastructure entities, the retention TTL is 180 minutes (3 hours) and the purge TTL is 525,600 minutes (365 days). 
