Azure Key Vaults and Azure Key Vault Managed HSM (Hardware Security Module) are two essential services provided by Microsoft Azure for managing secrets, keys, and certificates. The Azure Key Vaults service is used for securely storing and managing sensitive information such as API keys, passwords, certificates, and cryptographic keys. Azure Key Vault Managed HSM provides a highly secure environment for storing and managing cryptographic keys using hardware security modules (HSMs).
With the right Azure Key Vaults monitoring tool / Azure Key Vault Managed HSM monitoring tool, users can effectively monitor the performance, availability, and security of their service and gain actionable insights to optimize its usage, detect anomalies, and respond to security incidents promptly. Read on to learn how to do so with Applications Manager.
To learn how to create a new Microsoft Azure Key Vaults/Azure Key Vault Managed HSM monitor, click here.
Navigate to the Category View by clicking the Monitors tab. Hover over 'Child Monitors' under Microsoft Azure in the Cloud Apps table, and then select the Key Vaults (or) Key Vault Managed HSMs monitor from the displayed tooltip. This action will display the bulk configuration view for Azure Key Vaults/Azure Key Vault Managed HSM in three tabs:
The Microsoft Azure monitor provides a brief detail of the Azure Key Vaults/Azure Key Vault Managed HSM under the given subscription. Following are the list of metrics monitored in Azure Key Vaults Monitoring/Azure Key Vault Managed HSM Monitoring in their corresponding tabs:
| Parameter | Description |
Monitor Type
| |
|---|---|---|---|
|
Key Vaults
|
Key Vault Managed HSM
| ||
| VAULT AVAILABILITY | |||
| Vault Availability | The average availability of the vault requests between the poll interval (in %). |  |
|
| VAULT SATURATION | |||
| Vault Saturation | The average vault capacity used between the poll interval (in %). | |
|
| SERVICE AVAILABILITY | |||
| Service Availability | The average availability of the service requests between the poll interval (in %). | |
|
| API LATENCY | |||
| API Latency | The average overall latency of service API requests between the poll interval (in seconds). | |
|
| API HITS | |||
| Rate of API Hits | The number of total service API hits per minute, between the poll interval (in requests/min). | |
|
| Total API Hits | The number of total service API hits between the poll interval. | |
|
| API RESULTS | |||
| API Results | The number of total service API results between the poll interval (in MB). | |
|
Note: The metrics under RESOURCE ACCESS CONFIGURATION are only supported for the Azure Key Vaults monitor.
| Parameter | Description |
|---|---|
| CONFIGURATION | |
| Resource Group Name | The name of the resource group. |
| Location | The location of the resource. |
| Provisioning State | The current provisioning state of the resource. Possible values: RegisteringDns, Succeeded. |
| SKU Tier | The SKU name to specify the type of vault. Possible Values:
|
| SKU Family | The SKU Family name. |
| Vault URl/HSM URl | The URl of the vault/HSM used to perform operations on keys and secrets. |
| Creation Time | The timestamp of the key vault resource creation. |
| Creator Identity Type | The identity type used to create the key vault resource. |
| Last Modified Time | The timestamp of the key vault resource last modification. |
| Last Modifier Identity Type | The type of identity that last modified the key vault resource. |
| ADVANCED SETTINGS | |
| Soft Delete | Property to specify whether the 'Soft Delete' functionality is enabled for this key vault. Possible values: Enabled/Disabled. |
| Soft Delete Retention Days | The total number of Soft Delete data retention days. The possible value will be >=7 & <=90. |
| Purge Protection | Property specifying whether protection against purge is enabled for this vault. This setting is effective only if soft delete is also enabled. Possible values: Enabled/Disabled. |
| Public Network Access | Property to specify whether the vault will accept traffic from the public internet. Possible values: Enabled/Disabled. |
| RESOURCE ACCESS CONFIGURATION | |
| RBAC Authorization | Property that controls how data actions are authorized. Possible values: Enabled/Disabled. |
| Virtual Machine for Deployment | Property to specify whether the Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault. Possible values: Enabled/Disabled. |
| Resource Manager for Template Deployment | Property to specify whether the Azure Resource Manager is permitted to retrieve secrets from the key vault. Possible values: Enabled/Disabled. |
| Disk Encryption for Volume Encryption | Property to specify whether the Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys. Possible values: Enabled/Disabled. |
