Microsoft Azure Key Vault
This page is not yet available in Spanish. We are working on its translation.
If you have any questions or feedback about our current translation project,
feel free to reach out to us!Overview
Azure Key Vault is used to safeguard and manage cryptographic keys and secrets used by cloud applications and services.
Use the Datadog Azure integration to collect metrics from Azure Key Vault.
Setup
Installation
If you haven’t already, set up the Microsoft Azure integration first. There are no other installation steps.
Data Collected
Metrics
azure.keyvault_vaults.service_api_hit (count) | Number of total service api hits Shown as request |
azure.keyvault_vaults.service_api_latency (gauge) | Overall latency of service api requests Shown as millisecond |
azure.keyvault_vaults.service_api_result (count) | Number of total service api results Shown as response |
azure.keyvault_vaults.status (gauge) | Status of Azure Key Vault (deprecated) |
azure.keyvault_vaults.saturation_shoebox (gauge) | Vault capacity used Shown as percent |
azure.keyvault_vaults.availability (gauge) | Vault requests availability Shown as percent |
azure.keyvault_vaults.count (gauge) | The count of all Azure Key Vault resources |
azure.keyvault_managedhsms.availability (gauge) | Service requests availability Shown as percent |
azure.keyvault_managedhsms.service_api_hit (count) | Number of total service api hits Shown as request |
azure.keyvault_managedhsms.service_api_latency (gauge) | Overall latency of service api requests Shown as millisecond |
Events
Datadog sends credential expiry events, which grant visibility into credential expirations for Azure app registrations, Key Vault keys, Key Vault secrets, and Key Vault certificates. The Azure Key Vault integration must be installed to receive events for Key Vault keys, Key Vault secrets, and Key Vault certificates.
- Expiration events are sent 60, 30, 14, 7, and 1 day(s) before credential expiration, and once after expiration.
- Missing permission events are sent every 15 days. A missing permission event lists the Key Vaults for which Datadog has not been given permissions. If no changes have been made regarding Key Vault permissions in the previous 15-day cycle, the event notification is not sent again.
You can view these events in Event Explorer.
Notes:
- To collect Azure app registration expiration events, enable access to the Microsoft Graph API.
- If a certificate and its associated key and secret expire at the exact same time, one expiration event is sent for all resources.
Service Checks
The Azure Key Vault integration does not include any service checks.
Troubleshooting
Need help? Contact Datadog support.
Further reading
Más enlaces, artículos y documentación útiles: