Azure Key Vault

Overview

Azure Key Vault is used to safeguard and manage cryptographic keys and secrets used by cloud applications and services.

Use the Datadog Azure integration to collect metrics from Azure Key Vault.

Setup

Installation

If you haven’t already, set up the Microsoft Azure integration. No additional installation steps are required.

Data Collected

Metrics

azure.keyvault_vaults.service_api_hit (count)
Number of total service API hits
Shown as request

azure.keyvault_vaults.service_api_latency (gauge)
Overall latency of service API requests
Shown as millisecond

azure.keyvault_vaults.service_api_result (count)
Number of total service API results
Shown as response

azure.keyvault_vaults.saturation_shoebox (gauge)
Vault capacity used
Shown as percent

azure.keyvault_vaults.availability (gauge)
Vault requests availability
Shown as percent

azure.keyvault_vaults.count (gauge)
The count of all Azure Key Vault resources

azure.keyvault_managedhsms.availability (gauge)
Service requests availability
Shown as percent

azure.keyvault_managedhsms.service_api_hit (count)
Number of total service API hits
Shown as request

azure.keyvault_managedhsms.service_api_latency (gauge)
Overall latency of service API requests
Shown as millisecond

Events

Datadog sends credential expiry events to help you monitor upcoming expirations for Azure app registrations, Key Vault keys, Key Vault secrets, and Key Vault certificates. To receive events for Key Vault keys, secrets, and certificates, you must install the Azure Key Vault integration.

  • Expiration events are sent 60, 30, 14, 7, and 1 day(s) before credential expiration, and once after expiration.
  • Missing permission events are sent every 15 days and list the Key Vaults for which Datadog lacks the required permissions. If no changes are made to Key Vault permissions during the previous 15-day cycle, the event notification is not sent again.

You can view these events in Event Explorer.

Notes:

  • To collect Azure app registration expiration events, enable access to the Microsoft Graph API.
  • If a certificate and its associated key and secret expire at the exact same time, one expiration event is sent for all resources.

Service Checks

The Azure Key Vault integration does not include any service checks.

Troubleshooting

Need help? Contact Datadog support.
