Blog entry by Mats Johannesson

Anyone in the world



When you work in a big environment, like me, and have lot of Azure DevOps organizations, is it time to automate some work to keep the environment strong. One thing that could be a hazzle is managing secrets.


This blog post describes steps needed to put up a flow for notifications from key vault when secrets is on the way to expired (30 days), with Azure Logics Apps.

The event Microsoft.KeyVault.SecretNearExpiry is used. It´s trigged 30 days before the expiration date.


Prerequisites:

You need a existing key vault and a subscription in Azure.


Task 1: Connect to portal Azure

1.     Start your web browser and connect to the following URL:

portal.azure.com

 

2.     Log in with your credentials.


Task 2: Create a Logic App via Event Grid


Picture Event Logics App


1.     In the Azure portal, go to your key vault, select Events – Get Started and click Logic Apps.


Picture Logic Apps designer


2.     On Logic Apps Designer, click Sign in.


Picture Logic Apps sign-in


3.     Choose your tenant and click on Sign in.


Picture Logic Apps sign-on


4.     Choose your account, and the status is changed with that account. Click Continue.


Picture Logic Apps designer choose


5.     On the When a resource event occurs screen, do the following:

 

  • Leave Subscription and Resource Name (will changes) as default.
  • Select Microsoft.KeyVault.vaults for the Resource Type.
  • Select Microsoft.KeyVault.SecretNearExpiry for Event Type Item - 1.

 

6.     Click on + New Step. This will open a window to Choose an action.


Picture Logic Apps choose Office 365


7.     Click on All and choose Office 365 Outlook.


Picture Logic Apps choose send email v2


8.     Select the Send an email (v2) action.


Picture Logic Apps choose send email v2 and sign in


9.     Click on Sign in. It´s the account used for sending notifications when secrets is about to expired. Should be a Microsoft 365 account in this case, you could choose other provider.

 

10.     Build your template:

  • To: Enter the email address to receive the notification emails.


Picture Add dynamic

  • Subject: Write the text for your subject. Click on Add dynamic content – See more (in box “Add dynamic content from apps and connectors used in this flow.”).

Picture Add Id


  • In Body, put in Event Id:, in box for Dynamic content, click on ID.

Picture Logic Apps add after adding Event Id


Your email template may look like this example:

Picture Logic Apps template


11.     Click Save as.

 

12.     Enter a name for new logic app and click Create.

 

Task 3: Test and verify


1.     Go to your key vault on the Azure portal.


Picture Key Vault


2.     Click on Secrets.


Picture Generate secret


3.     Create a new secret – click on Generate/Import.


Picture Create a secret


4.     For testing and verify purpose, set the Activation date, and the Expiration date to 29 days ahead. Click on Create.


Picture Events Key vault


5.     On the Events tab in your key vault, select the Logic Apps that you just created.


Picture Event fired


6.     Wait a couple of minutes (depending on your configuration), event will be fired, and email should be sent to configured mailbox.


Picture Email

7.     Check your mailbox, there will be an email on these issue. The test is completed.



[ Modified: Thursday, 27 January 2022, 8:36 PM ]
 

  
RSS