@schakko
Created June 23, 2021 09:18
Create an overview with all key vaults in current Azure tenant for auditing reasons
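# This has been written to list all permissions to Key Vaults in the current Azure AD tenant.
# It comes in handy if you need to do a scheduled audit e.g. for TISAX compliance reasons.
# Note: Get-AzKeyVault without parameters lists the vaults of the subscription selected in the
# current Az context, and AccessPolicies only reflects vaults that use the access policy
# permission model (vaults using Azure RBAC are governed by role assignments instead).

# Expand all permissions (by default, collections in formatted output are cut off after 4 items)
$FormatEnumerationLimit = 20;

$vaults = Get-AzKeyVault
foreach ($vault in $vaults) {
    # The list call returns summary objects only; fetch the full vault to get its access policies
    $detail = Get-AzKeyVault -VaultName $vault.VaultName;

    # Get permissions for secrets (certificates etc. not required in our case)
    $permissions = ($detail.AccessPolicies | Format-Table -Wrap -Property DisplayName, PermissionsToSecrets | Out-String);

    # create inline array to be later formatted
    @([pscustomobject]@{
        KeyVault             = $detail.VaultName;
        ResourceGroup        = $detail.ResourceGroupName;
        PermissionsToSecrets = $permissions
    }) | Format-Table -Wrap
}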
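For a scheduled audit, a flat export that can be compared between runs is easier to review than formatted tables. The following is an added example, not part of the original gist: it writes one row per vault and principal to CSV and reports rows that changed since the previous export. The file names are placeholders, and it assumes an Az.KeyVault version whose vault object exposes `EnableRbacAuthorization`.

```powershell
# Added example, not the gist author's code. Assumes Connect-AzAccount has been run.
$current  = 'keyvault-secret-permissions.csv'        # placeholder file name
$previous = 'keyvault-secret-permissions.prev.csv'   # placeholder file name

# Keep the last export so this run can be compared against it
if (Test-Path $current) { Move-Item -Path $current -Destination $previous -Force }

$rows = foreach ($vault in Get-AzKeyVault) {
    $detail = Get-AzKeyVault -VaultName $vault.VaultName

    if ($detail.EnableRbacAuthorization) {
        # Access policies do not apply to this vault; record it so the
        # reviewer knows to check role assignments for it separately.
        [pscustomobject]@{
            KeyVault             = $detail.VaultName
            ResourceGroup        = $detail.ResourceGroupName
            PermissionModel      = 'AzureRBAC'
            Principal            = ''
            ObjectId             = ''
            PermissionsToSecrets = ''
        }
        continue
    }

    foreach ($policy in $detail.AccessPolicies) {
        [pscustomobject]@{
            KeyVault             = $detail.VaultName
            ResourceGroup        = $detail.ResourceGroupName
            PermissionModel      = 'AccessPolicy'
            Principal            = $policy.DisplayName
            ObjectId             = $policy.ObjectId
            # Sorted and joined so the same permission set always yields the same string
            PermissionsToSecrets = ($policy.PermissionsToSecrets | Sort-Object) -join ','
        }
    }
}

$rows | Sort-Object KeyVault, ObjectId |
    Export-Csv -Path $current -NoTypeInformation -Encoding UTF8

# Report added, removed or changed rows ('=>' only in this run, '<=' only in the previous one)
if ($rows -and (Test-Path $previous)) {
    $old = @(Import-Csv -Path $previous)
    if ($old.Count -gt 0) {
        Compare-Object -ReferenceObject $old -DifferenceObject @($rows) `
            -Property KeyVault, ObjectId, PermissionModel, PermissionsToSecrets
    }
}
```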