I have hundreds of key vaults and they are named like ABC-DEV-001, ABC-TEST-002, etc. At times, I need to locate a secret, say APIKey, in all of them. How can I query with the name of a secret and find the key vault name? I wonder whether it is possible to use Resource Graph:

Resources
| where type =~ 'microsoft.keyvault/vaults'
Parth Sekar

1 Answer

How can I query with the name of a secret and find the key vault name? I wonder whether it is possible to use Resource Graph

According to this Microsoft Q&A, Resource Graph is used for querying information at the resource level, so it is impossible to query with a secret name in Resource Graph.

As a workaround, you can use a KQL query to get the vault name in a Log Analytics workspace.

KQL query

AzureDiagnostics
| where ResourceProvider =~ "MICROSOFT.KEYVAULT"
| where isAccessPolicyMatch_b == "true"
| where OperationName == "SecretGet"
| where id_s == "your id"
| limit 1
| project Resource, ResultType, CorrelationId

Reference: Azure Key Vault logging | Microsoft Learn

Venkatesan
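
An added example, not part of the answer above or of Microsoft's documentation: it generalizes the answer's query to match the secret by name across every vault that sends diagnostics to the workspace and returns one row per vault. It assumes `id_s` holds the secret's URL in the form `https://<vault>.vault.azure.net/secrets/<name>/<version>`; `secretName` and `lookback` are illustrative names. Vaults without a diagnostic setting, or where the secret was not read or written inside the window, will not appear in the result.

```kql
// Added example. secretName and lookback are illustrative names, not from the answer.
let secretName = "APIKey";   // secret name used in the question
let lookback = 30d;          // assumed window; it cannot exceed the workspace retention
AzureDiagnostics
| where TimeGenerated > ago(lookback)
| where ResourceProvider =~ "MICROSOFT.KEYVAULT"
| where OperationName in ("SecretGet", "SecretSet")
// Assumption: id_s looks like https://<vault>.vault.azure.net/secrets/<name>/<version>
| extend Secret = extract(@"/secrets/([^/?]+)", 1, id_s)
// Case-insensitive match on the extracted secret name
| where Secret =~ secretName
// One row per vault, with the last time the secret was touched and the outcomes seen
| summarize LastSeen = max(TimeGenerated),
            Operations = make_set(OperationName),
            Results = make_set(ResultType)
    by Resource
| order by Resource asc
```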