Created June 23, 2021 09:18
Create an overview with all key vaults in current Azure tenant for auditing reasons
```powershell
# This has been written to list all permissions to Key Vaults in the current Azure AD tenant.
# It comes in handy if you need to do a scheduled audit e.g. for TISAX compliance reasons.

# Expand all permissions (show up to 20 entries per collection instead of the default 4)
$FormatEnumerationLimit = 20

# The list call returns only summary objects; access policies require the per-vault lookup below
$vaults = Get-AzKeyVault
foreach ($vault in $vaults) {
    $detail = Get-AzKeyVault -VaultName $vault.VaultName

    # Get permissions for secrets (certificates etc. not required in our case)
    $permissions = ($detail.AccessPolicies | Format-Table -Wrap -Property DisplayName, PermissionsToSecrets | Out-String)

    # Create inline array to be later formatted
    @([pscustomobject]@{
        KeyVault             = $detail.VaultName
        ResourceGroup        = $detail.ResourceGroupName
        PermissionsToSecrets = $permissions
    }) | Format-Table -Wrap
}
```
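For an audit record that can be diffed between runs, the same data can be flattened into one row per vault and principal. The following is an added example, not part of the original gist: the function name `ConvertTo-VaultAuditRow`, the list of permissions treated as "modifying", and the sample vault objects (constructed to mimic the shape returned by `Get-AzKeyVault -VaultName`) are assumptions. It also marks vaults that use Azure RBAC instead of access policies, which would otherwise show up with an empty permission list.

```powershell
# Added example (not from the original gist). Sample vault objects below are constructed.
# Secret permissions treated as "modifying" for review purposes (assumption, adjust to policy).
$ModifyingSecretPermissions = 'set', 'delete', 'purge', 'recover', 'restore', 'all'

function ConvertTo-VaultAuditRow {   # hypothetical helper name
    param([Parameter(Mandatory, ValueFromPipeline)] $Vault)
    process {
        if ($Vault.EnableRbacAuthorization) {
            # Access policies are not evaluated for RBAC vaults; emit a marker row so the
            # vault still appears in the report and gets reviewed via its role assignments.
            [pscustomobject]@{
                KeyVault = $Vault.VaultName; ResourceGroup = $Vault.ResourceGroupName
                Principal = '(Azure RBAC: review role assignments)'; ObjectId = $null
                PermissionsToSecrets = ''; CanModifySecrets = $null
            }
            return
        }
        foreach ($policy in $Vault.AccessPolicies) {
            $perms = @($policy.PermissionsToSecrets)
            [pscustomobject]@{
                KeyVault = $Vault.VaultName; ResourceGroup = $Vault.ResourceGroupName
                Principal = $policy.DisplayName; ObjectId = $policy.ObjectId
                PermissionsToSecrets = $perms -join ','
                # True when the principal holds any permission from the list above
                CanModifySecrets = [bool]($perms | Where-Object { $_ -in $ModifyingSecretPermissions })
            }
        }
    }
}

# Constructed sample input so the example runs without an Azure session
$sampleVaults = @(
    [pscustomobject]@{
        VaultName = 'kv-example-app'; ResourceGroupName = 'rg-example'; EnableRbacAuthorization = $false
        AccessPolicies = @(
            [pscustomobject]@{ DisplayName = 'app-reader (constructed)'; ObjectId = '00000000-0000-0000-0000-000000000001'; PermissionsToSecrets = @('get', 'list') }
            [pscustomobject]@{ DisplayName = 'ops-admin (constructed)'; ObjectId = '00000000-0000-0000-0000-000000000002'; PermissionsToSecrets = @('get', 'list', 'set', 'delete') }
        )
    }
    [pscustomobject]@{ VaultName = 'kv-example-rbac'; ResourceGroupName = 'rg-example'; EnableRbacAuthorization = $true; AccessPolicies = @() }
)
$sampleVaults | ConvertTo-VaultAuditRow | Format-Table -AutoSize

# Against a live tenant, feed the detailed vault objects instead:
# Get-AzKeyVault | ForEach-Object { Get-AzKeyVault -VaultName $_.VaultName } |
#     ConvertTo-VaultAuditRow | Export-Csv -Path keyvault-audit.csv -NoTypeInformation
```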