Azure Key Vault

This Integration is part of the Azure Key Vault Pack.

Supported versions

Supported Cortex XSOAR versions: 5.5.0 and later.

Use the Azure Key Vault integration to safeguard and manage cryptographic keys and secrets used by cloud applications and services. This integration was integrated and tested with version 2019-09-01 of AzureKeyVault.

Configure Azure Key Vault on Cortex XSOAR

  1. Navigate to Settings > Integrations > Servers & Services.

  2. Search for Azure Key Vault.

  3. Click Add instance to create and configure a new integration instance.

    | Parameter | Required |
    | --- | --- |
    | Client ID | True |
    | Client Secret | False |
    | Tenant ID | True |
    | Certificate Thumbprint | False |
    | Private Key | False |
    | Subscription ID | True |
    | Resource Group Name | True |
    | Fetches credentials | False |
    | Key Vault names - comma-separated list of Key Vaults to fetch secrets from. | False |
    | Secret names - comma-separated list of secrets to fetch. | False |
    | Trust any certificate (not secure) | False |
    | Use system proxy settings | False |

  4. Click Test to validate the URLs, token, and connection.

Commands

You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

azure-key-vault-create-update

Create or update a key vault in the specified subscription. If the Key Vault exists, the updated properties overwrite the existing ones. To update the access policy of an existing Key Vault, use the azure-key-vault-access-policy-update command.

Base Command

azure-key-vault-create-update

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| vault_name | Key Vault name. | Required |
| location | Key Vault supported Azure location. The location cannot be changed after the Key Vault is created. Default value is 'westus'. Possible values are: northcentralus, eastus, northeurope, westeurope, eastasia, southeastasia, eastus2, centralus, southcentralus, westus, japaneast, japanwest, australiaeast, australiasoutheast, brazilsouth, centralindia, southindia, westindia, canadacentral, canadaeast, uksouth, ukwest, westcentralus, westus2, koreacentral, francecentral, australiacentral, uaenorth, southafricanorth, switzerlandnorth, germanywestcentral, norwayeast, westus3, jioindiawest. | Optional |
| sku_name | Specify whether the key vault is a standard vault or a premium vault. Default value is 'standard'. Possible values are: standard, premium. | Optional |
| object_id | The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies: any change to the access policy for that object ID overrides the existing one. To retrieve it, navigate in the Azure Portal to App registrations > your registered application > click on manage application in local directory > copy Object ID property. | Required |
| keys | Permissions to keys. If the Key Vault exists, you must supply the previous keys' permissions in order to keep them unchanged. Access policy property. Default value is [get,list,create,update,import,delete,backup,restore,recover]. Possible values are: get, list, create, update, import, delete, backup, restore, recover, decrypt, encrypt, unwrapKey, wrapKey, verify, sign, purge. | Optional |
| secrets | Permissions to secrets. If the Key Vault exists, you must supply the previous secrets' permissions in order to keep them unchanged. Access policy property. Default value is [get,list,set,delete,backup,restore,recover]. Possible values are: get, list, set, delete, recover, backup, restore, purge. | Optional |
| certificates | Permissions to certificates. If the Key Vault exists, you must supply the previous certificates' permissions in order to keep them unchanged. Access policy property. Default value is [get,list,update,create,import,delete,recover,backup,restore,managecontacts,manageissuers,getissuers,listissuers,setissuers,deleteissuers]. Possible values are: get, list, update, create, import, delete, recover, backup, restore, managecontacts, manageissuers, getissuers, listissuers, setissuers, deleteissuers, purge. | Optional |
| storage | Permissions to storage accounts. If the Key Vault exists, you must supply the previous storage permissions in order to keep them unchanged. Access policy property. Default value is [get,list,set,delete,backup,restore,recover]. Possible values are: get, list, delete, set, update, regeneratekey, getsas, listsas, deletesas, setsas, recover, backup, restore, purge. | Optional |
| enabled_for_deployment | Specifies whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault. If the Key Vault exists, you must supply the previous value in order to keep it the same. Default value is True. Possible values are: true, false. | Optional |
| enabled_for_disk_encryption | Specifies whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys. If the Key Vault exists, you must supply the previous value in order to keep it the same. Default value is True. Possible values are: true, false. | Optional |
| enabled_for_template_deployment | Specifies whether Azure Resource Manager is permitted to retrieve secrets from the key vault. If the Key Vault exists, you must supply the previous value in order to keep it the same. Default value is True. Possible values are: true, false. | Optional |
| default_action | The default action when no rule from ip_rules and vnet_subnet_id matches. For example, if no ip_rules and vnet_subnet_id arguments are supplied, access to the key vault from any IP address or virtual network is determined by the default_action value. If you wish to allow access only from a specific virtual network or IP address, use the ip_rules or the vnet_subnet_id arguments. This is only used after the bypass property has been evaluated. Network ACL property. Possible values are: Allow, Deny. | Optional |
| bypass | Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'. For example, use 'AzureServices' if you wish to give Azure services access to the key vault even though the default action is 'Deny' or access is limited to a specific IP address. Network ACL property. Default value is 'AzureServices'. Possible values are: AzureServices, None. | Optional |
| vnet_subnet_id | Allow accessibility of a vault from a specific virtual network. This argument must be the full resource ID of a virtual network subnet. For example, for the subnet ID "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1", you allow access to the Key Vault from subnet1. Network ACL property. | Optional |
| ignore_missing_vnet_service_endpoint | Specifies whether the Network Resource Provider will ignore the check if parent subnet has serviceEndpoints configured. This allows the configuration for the Key Vault to complete without error before the configuration to the virtual network's subnet is complete. Once the subnet configuration is complete, the Cosmos account will then be accessible through the configured subnet. Network ACL property. Possible values are: . Default is True. | Optional |
| ip_rules | The list of IP address rules. Each rule governs the accessibility of a vault from a specific IP address or IP range. It can be a simple IP address "124.56.78.91" or "124.56.78.0/24" - all addresses that start with 124.56.78. For example, for the IP addresses list: "124.56.78.91,124.56.78.92", you can access the Key Vault from "124.56.78.91" or "124.56.78.92" IP addresses. Network ACL property. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| AzureKeyVault.KeyVault.id | String | Resource ID. |
| AzureKeyVault.KeyVault.name | String | Key Vault name. |
| AzureKeyVault.KeyVault.type | String | Resource type in Azure. |
| AzureKeyVault.KeyVault.location | String | Key Vault location. |
| AzureKeyVault.KeyVault.properties.sku.family | String | SKU family name. |
| AzureKeyVault.KeyVault.properties.sku.name | String | SKU name to specify whether the key vault is a standard vault or a premium vault. |
| AzureKeyVault.KeyVault.properties.tenantId | String | The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault. |
| AzureKeyVault.KeyVault.properties.accessPolicies.tenantId | String | The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault. |
| AzureKeyVault.KeyVault.properties.accessPolicies.objectId | String | The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies. |
| AzureKeyVault.KeyVault.properties.accessPolicies.permissions.keys | Unknown | Permissions to keys. |
| AzureKeyVault.KeyVault.properties.accessPolicies.permissions.secrets | Unknown | Permissions to secrets. |
| AzureKeyVault.KeyVault.properties.accessPolicies.permissions.certificates | Unknown | Permissions to certificates. |
| AzureKeyVault.KeyVault.properties.enabledForDeployment | Boolean | Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault. |
| AzureKeyVault.KeyVault.properties.enabledForDiskEncryption | Boolean | Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys. |
| AzureKeyVault.KeyVault.properties.enabledForTemplateDeployment | Boolean | Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault. |
| AzureKeyVault.KeyVault.properties.vaultUri | String | The URI of the vault for performing operations on keys and secrets. |
| AzureKeyVault.KeyVault.properties.provisioningState | String | The current provisioning state. |

Command Example

!azure-key-vault-create-update object_id=YOUR_OBJECT_ID vault_name=xsoar-test-285 keys=create,decrypt

Context Example

{
  "AzureKeyVault": {
    "KeyVault": {
      "id": "/subscriptions/SUBSCRIPTION_ID/resourceGroups/test-group/providers/Microsoft.KeyVault/vaults/xsoar-test-285",
      "location": "westus",
      "name": "xsoar-test-285",
      "properties": {
        "accessPolicies": [
          {
            "objectId": "YOUR_OBJECT_ID",
            "permissions": {
              "certificates": [
                "get",
                "list",
                "update",
                "create",
                "import",
                "delete",
                "recover",
                "backup",
                "restore",
                "managecontacts",
                "manageissuers",
                "getissuers",
                "listissuers",
                "setissuers",
                "deleteissuers"
              ],
              "keys": [
                "create",
                "decrypt"
              ],
              "secrets": [
                "get",
                "list",
                "set",
                "delete",
                "recover",
                "backup",
                "restore"
              ],
              "storage": [
                "get",
                "list",
                "delete",
                "set",
                "update",
                "regeneratekey",
                "getsas",
                "listsas"
              ]
            },
            "tenantId": "YOUR_TENANT_ID"
          }
        ],
        "enableSoftDelete": true,
        "enabledForDeployment": true,
        "enabledForDiskEncryption": true,
        "enabledForTemplateDeployment": true,
        "provisioningState": "Succeeded",
        "sku": {
          "family": "A",
          "name": "standard"
        },
        "tenantId": "YOUR_TENANT_ID",
        "vaultUri": "https://xsoar-test-285.vault.azure.net/"
      },
      "tags": {},
      "type": "Microsoft.KeyVault/vaults"
    }
  }
}

Human Readable Output

xsoar-test-285 Information

| Id | Name | Type | Location |
| --- | --- | --- | --- |
| /subscriptions/SUBSCRIPTION_ID/resourceGroups/test-group/providers/Microsoft.KeyVault/vaults/xsoar-test-285 | xsoar-test-285 | Microsoft.KeyVault/vaults | westus |
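
Because azure-key-vault-create-update overwrites an existing vault's properties and each permission and enabled_for_* argument has a permissive default, a re-run that omits them can widen access. The following Python helper is an added example, not part of the integration's code: it restates the current values from a vault's context output so that only the intended change differs. The function names and the trimmed sample context are constructed for illustration.

```python
# Permission spellings accepted by the command, taken from the Input table above.
ALLOWED = {
    "keys": "get list create update import delete backup restore recover decrypt "
            "encrypt unwrapKey wrapKey verify sign purge".split(),
    "secrets": "get list set delete recover backup restore purge".split(),
    "certificates": "get list update create import delete recover backup restore "
                    "managecontacts manageissuers getissuers listissuers setissuers "
                    "deleteissuers purge".split(),
    "storage": "get list delete set update regeneratekey getsas listsas deletesas "
               "setsas recover backup restore purge".split(),
}

# Command argument -> property name in the AzureKeyVault.KeyVault context.
FLAGS = {
    "enabled_for_deployment": "enabledForDeployment",
    "enabled_for_disk_encryption": "enabledForDiskEncryption",
    "enabled_for_template_deployment": "enabledForTemplateDeployment",
}

# Constructed sample: a trimmed version of the azure-key-vault-get context example.
SAMPLE_VAULT = {
    "name": "xsoar-test-vault",
    "location": "eastus",
    "properties": {
        "accessPolicies": [{
            "objectId": "YOUR_OBJECT_ID",
            "permissions": {
                "certificates": ["Get", "List"],
                "keys": ["Get", "List", "UnwrapKey", "WrapKey", "Purge"],
                "secrets": ["Get", "List", "Set", "Delete"],
            },
        }],
        "enabledForDeployment": False,
        "enabledForDiskEncryption": False,
        "enabledForTemplateDeployment": False,
        "sku": {"family": "A", "name": "Standard"},
    },
}


def canonical(category, value):
    """Map a permission as returned in context ("UnwrapKey") to its argument spelling."""
    for allowed in ALLOWED[category]:
        if allowed.lower() == value.lower():
            return allowed
    raise ValueError(f"unknown {category} permission: {value!r}")


def build_create_update_args(vault, object_id, overrides=None):
    """Return (args, unpreserved): args restates the vault's current values plus
    `overrides`; unpreserved lists permission categories that are absent or empty
    in the context and so cannot be restated (review them before running)."""
    props = vault["properties"]
    policy = next((p for p in props.get("accessPolicies", [])
                   if p["objectId"] == object_id), None)
    if policy is None:
        raise LookupError(f"no access policy for object ID {object_id!r}")

    args = {
        "vault_name": vault["name"],
        "object_id": object_id,
        "location": vault["location"],
        "sku_name": props["sku"]["name"].lower(),
    }
    unpreserved = []
    for category in ALLOWED:
        current = policy.get("permissions", {}).get(category)
        if current:
            args[category] = ",".join(canonical(category, v) for v in current)
        else:
            unpreserved.append(category)
    for arg, prop in FLAGS.items():
        if prop in props:
            args[arg] = str(props[prop]).lower()

    for name, value in (overrides or {}).items():
        args[name] = value
        if name in unpreserved:
            unpreserved.remove(name)
    return args, unpreserved


def to_command(args):
    """Render the arguments in the CLI syntax used by the command examples."""
    return "!azure-key-vault-create-update " + " ".join(f"{k}={v}" for k, v in args.items())


if __name__ == "__main__":
    # Tighten secrets to read-only; everything else is restated from the context.
    args, unpreserved = build_create_update_args(
        SAMPLE_VAULT, "YOUR_OBJECT_ID", overrides={"secrets": "get,list"})
    print(to_command(args))
    print("review before running:", unpreserved)
```

The network ACL arguments are not part of the context output listed above, so this helper leaves them to the caller.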

azure-key-vault-delete

Delete the specified key vault.

Base Command

azure-key-vault-delete

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| vault_name | Key Vault name to delete. | Required |

Context Output

There is no context output for this command.

Command Example

!azure-key-vault-delete vault_name=xsoar-test-262

Human Readable Output

Deleted Key Vault xsoar-test-262 successfully.

azure-key-vault-get

Get the specified key vault.

Base Command

azure-key-vault-get

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| vault_name | Key Vault name. | Required |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| AzureKeyVault.KeyVault.id | String | Resource ID. |
| AzureKeyVault.KeyVault.name | String | Key Vault name. |
| AzureKeyVault.KeyVault.type | String | Resource type in Azure. |
| AzureKeyVault.KeyVault.location | String | Key Vault location. |
| AzureKeyVault.KeyVault.properties.sku.family | String | SKU family name. |
| AzureKeyVault.KeyVault.properties.sku.name | String | SKU name to specify whether the key vault is a standard vault or a premium vault. |
| AzureKeyVault.KeyVault.properties.tenantId | String | The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault. |
| AzureKeyVault.KeyVault.properties.accessPolicies.tenantId | String | The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault. |
| AzureKeyVault.KeyVault.properties.accessPolicies.objectId | String | The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies. |
| AzureKeyVault.KeyVault.properties.accessPolicies.permissions.keys | Unknown | Permissions to keys. |
| AzureKeyVault.KeyVault.properties.accessPolicies.permissions.secrets | Unknown | Permissions to secrets. |
| AzureKeyVault.KeyVault.properties.accessPolicies.permissions.certificates | Unknown | Permissions to certificates. |
| AzureKeyVault.KeyVault.properties.enabledForDeployment | Boolean | Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault. |
| AzureKeyVault.KeyVault.properties.enabledForDiskEncryption | Boolean | Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys. |
| AzureKeyVault.KeyVault.properties.enabledForTemplateDeployment | Boolean | Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault. |
| AzureKeyVault.KeyVault.properties.enableSoftDelete | Boolean | Property to specify whether the 'soft delete' functionality is enabled for this key vault. If it's not set to any value (true or false) when creating a new key vault, it will be set to true by default. Once set to true, it cannot be reverted to false. |
| AzureKeyVault.KeyVault.properties.vaultUri | String | The URI of the vault for performing operations on keys and secrets. This property is read-only. |

Command Example

!azure-key-vault-get vault_name=xsoar-test-vault

Context Example

{
  "AzureKeyVault": {
    "KeyVault": {
      "id": "/subscriptions/SUBSCRIPTION_ID/resourceGroups/test-group/providers/Microsoft.KeyVault/vaults/xsoar-test-vault",
      "location": "eastus",
      "name": "xsoar-test-vault",
      "properties": {
        "accessPolicies": [
          {
            "objectId": "YOUR_OBJECT_ID",
            "permissions": {
              "certificates": [
                "Get",
                "List",
                "Update",
                "Create",
                "Import",
                "Delete",
                "Recover",
                "Backup",
                "Restore",
                "ManageContacts",
                "ManageIssuers",
                "GetIssuers",
                "ListIssuers",
                "SetIssuers",
                "DeleteIssuers",
                "Purge"
              ],
              "keys": [
                "Get",
                "List",
                "Update",
                "Create",
                "Import",
                "Delete",
                "Recover",
                "Backup",
                "Restore",
                "Decrypt",
                "Encrypt",
                "UnwrapKey",
                "WrapKey",
                "Verify",
                "Sign",
                "Purge"
              ],
              "secrets": [
                "Get",
                "List",
                "Set",
                "Delete",
                "Recover",
                "Backup",
                "Restore",
                "Purge"
              ]
            },
            "tenantId": "YOUR_TENANT_ID"
          }
        ],
        "enableRbacAuthorization": false,
        "enableSoftDelete": true,
        "enabledForDeployment": false,
        "enabledForDiskEncryption": false,
        "enabledForTemplateDeployment": false,
        "provisioningState": "Succeeded",
        "sku": {
          "family": "A",
          "name": "Standard"
        },
        "softDeleteRetentionInDays": 90,
        "tenantId": "YOUR_TENANT_ID",
        "vaultUri": "https://xsoar-test-vault.vault.azure.net/"
      },
      "tags": {},
      "type": "Microsoft.KeyVault/vaults"
    }
  }
}

Human Readable Output

xsoar-test-vault Information

| Id | Name | Type | Location |
| --- | --- | --- | --- |
| /subscriptions/SUBSCRIPTION_ID/resourceGroups/test-group/providers/Microsoft.KeyVault/vaults/xsoar-test-vault | xsoar-test-vault | Microsoft.KeyVault/vaults | eastus |

azure-key-vault-list

The List operation gets information about the vaults associated with the subscription. For a limit greater than 25, more than one API call is required and the command might take longer.

Base Command

azure-key-vault-list

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| limit | Limit on the number of key vaults to return. Default value is 50. | Optional |
| offset | First index to retrieve from. Default value is 0. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| AzureKeyVault.KeyVault.id | String | Resource ID. |
| AzureKeyVault.KeyVault.name | String | Key Vault name. |
| AzureKeyVault.KeyVault.type | String | Resource type in Azure. |
| AzureKeyVault.KeyVault.location | String | Key Vault location. |
| AzureKeyVault.KeyVault.properties.sku.family | String | SKU family name. |
| AzureKeyVault.KeyVault.properties.sku.name | String | SKU name to specify whether the key vault is a standard vault or a premium vault. |
| AzureKeyVault.KeyVault.properties.tenantId | String | The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault. |
| AzureKeyVault.KeyVault.properties.accessPolicies.tenantId | String | The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault. |
| AzureKeyVault.KeyVault.properties.accessPolicies.objectId | String | The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies. |
| AzureKeyVault.KeyVault.properties.accessPolicies.permissions.keys | Unknown | Permissions to keys. |
| AzureKeyVault.KeyVault.properties.accessPolicies.permissions.secrets | Unknown | Permissions to secrets. |
| AzureKeyVault.KeyVault.properties.accessPolicies.permissions.certificates | Unknown | Permissions to certificates. |
| AzureKeyVault.KeyVault.properties.enabledForDeployment | Boolean | Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault. |
| AzureKeyVault.KeyVault.properties.enabledForDiskEncryption | Boolean | Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys. |
| AzureKeyVault.KeyVault.properties.enabledForTemplateDeployment | Boolean | Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault. |
| AzureKeyVault.KeyVault.properties.enableSoftDelete | Boolean | Property to specify whether the 'soft delete' functionality is enabled for this key vault. If it's not set to any value (true or false) when creating a new key vault, it will be set to true by default. Once set to true, it cannot be reverted to false. |
| AzureKeyVault.KeyVault.properties.vaultUri | String | The URI of the vault for performing operations on keys and secrets. |

Command Example

!azure-key-vault-list limit=1

Context Example

{
  "AzureKeyVault": {
    "KeyVault": {
      "id": "/subscriptions/SUBSCRIPTION_ID/resourceGroups/test-group/providers/Microsoft.KeyVault/vaults/xsoar-test-265",
      "location": "eastasia",
      "name": "xsoar-test-265",
      "properties": {
        "accessPolicies": [
          {
            "objectId": "YOUR_OBJECT_ID",
            "permissions": {
              "certificates": [
                "get",
                "list",
                "update",
                "create",
                "import",
                "delete",
                "recover",
                "backup",
                "restore",
                "managecontacts",
                "manageissuers",
                "getissuers",
                "listissuers",
                "setissuers",
                "deleteissuers"
              ],
              "keys": [
                "get",
                "list",
                "update",
                "create",
                "import",
                "delete",
                "recover",
                "backup",
                "restore",
                "decrypt"
              ],
              "secrets": [
                "get",
                "list",
                "set",
                "delete",
                "recover",
                "backup",
                "restore"
              ],
              "storage": [
                "get",
                "list",
                "delete",
                "set",
                "update",
                "regeneratekey",
                "getsas",
                "listsas"
              ]
            },
            "tenantId": "YOUR_TENANT_ID"
          }
        ],
        "enableSoftDelete": true,
        "enabledForDeployment": true,
        "enabledForDiskEncryption": true,
        "enabledForTemplateDeployment": true,
        "provisioningState": "Succeeded",
        "sku": {
          "family": "A",
          "name": "standard"
        },
        "tenantId": "YOUR_TENANT_ID",
        "vaultUri": "https://xsoar-test-265.vault.azure.net/"
      },
      "tags": {},
      "type": "Microsoft.KeyVault/vaults"
    }
  }
}

Human Readable Output

Key Vaults List

| Id | Name | Type | Location |
| --- | --- | --- | --- |
| /subscriptions/SUBSCRIPTION_ID/resourceGroups/test-group/providers/Microsoft.KeyVault/vaults/xsoar-test-265 | xsoar-test-265 | Microsoft.KeyVault/vaults | eastasia |

azure-key-vault-access-policy-update

Update access policies in a key vault in the specified subscription. The update applies only to the access policy for the specified object ID.

Base Command

azure-key-vault-access-policy-update

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| vault_name | The name of the Key Vault whose access policy is to be updated. | Required |
| operation_kind | The name of the operation to do on the vault's access policy. Supports three operations: add, remove, replace. For example, to add get, list permissions to the current secret permissions, use operation_kind=add and secrets=get,list. Possible values are: add, remove, replace. | Required |
| object_id | The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The update applies only to the access policy for the specified object ID. | Required |
| keys | Permissions to keys. Possible values are: encrypt, decrypt, wrapKey, unwrapKey, sign, verify, get, list, create, update, import, delete, backup, restore, recover, purge. | Optional |
| secrets | Permissions to secrets. Possible values are: get, list, set, delete, backup, restore, recover, purge. | Optional |
| certificates | Permissions to certificates. Possible values are: get, list, delete, create, import, update, managecontacts, getissuers, listissuers, setissuers, deleteissuers, manageissuers, recover, purge. | Optional |
| storage | Permissions to storage accounts. Possible values are: get, list, delete, set, update, regeneratekey, getsas, listsas, deletesas, setsas, recover, backup, restore, purge. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| AzureKeyVault.VaultAccessPolicy.id | String | Resource ID. |
| AzureKeyVault.VaultAccessPolicy.type | String | Resource type in Azure. |
| AzureKeyVault.VaultAccessPolicy.properties.accessPolicies.tenantId | String | The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault. |
| AzureKeyVault.VaultAccessPolicy.properties.accessPolicies.objectId | String | The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies. |
| AzureKeyVault.VaultAccessPolicy.properties.accessPolicies.permissions.keys | Unknown | Permissions to keys. |
| AzureKeyVault.VaultAccessPolicy.properties.accessPolicies.permissions.secrets | Unknown | Permissions to secrets. |
| AzureKeyVault.VaultAccessPolicy.properties.accessPolicies.permissions.certificates | Unknown | Permissions to certificates. |

Command Example

!azure-key-vault-access-policy-update object_id=YOUR_OBJECT_ID operation_kind=add vault_name=xsoar-test-285 keys=import,list

Context Example

{
  "AzureKeyVault": {
    "VaultAccessPolicy": {
      "id": "/subscriptions/SUBSCRIPTION_ID/resourceGroups/test-group/providers/Microsoft.KeyVault/vaults/xsoar-test-285/accessPolicies/",
      "properties": {
        "accessPolicies": [
          {
            "objectId": "YOUR_OBJECT_ID",
            "permissions": {
              "certificates": [
                "get",
                "list",
                "update",
                "create",
                "import",
                "delete",
                "recover",
                "backup",
                "restore",
                "managecontacts",
                "manageissuers",
                "getissuers",
                "listissuers",
                "setissuers",
                "deleteissuers"
              ],
              "keys": [
                "create",
                "decrypt",
                "import",
                "list"
              ],
              "secrets": [
                "get",
                "list",
                "set",
                "delete",
                "recover",
                "backup",
                "restore"
              ],
              "storage": [
                "get",
                "list",
                "delete",
                "set",
                "update",
                "regeneratekey",
                "getsas",
                "listsas"
              ]
            },
            "tenantId": "YOUR_TENANT_ID"
          }
        ]
      },
      "type": "Microsoft.KeyVault/vaults/accessPolicies"
    }
  }
}

Human Readable Output

xsoar-test-285 Updated Access Policy

| Id | Type |
| --- | --- |
| /subscriptions/SUBSCRIPTION_ID/resourceGroups/test-group/providers/Microsoft.KeyVault/vaults/xsoar-test-285/accessPolicies/ | Microsoft.KeyVault/vaults/accessPolicies |

azure-key-vault-key-get

Get the public part of a stored key. This operation requires the keys/get permission.

Base Command

azure-key-vault-key-get

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| vault_name | The name of the Key Vault where the key resides. | Required |
| key_name | Key name. | Required |
| key_version | Adding the version parameter retrieves a specific version of a key. This URI fragment is optional. If not specified, the latest version of the key is returned. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| AzureKeyVault.Key.key.kid | String | Key identifier. |
| AzureKeyVault.Key.key.kty | String | JsonWebKey Key Type. |
| AzureKeyVault.Key.key.key_ops | Unknown | Supported key operations. |
| AzureKeyVault.Key.key.n | String | RSA modulus. |
| AzureKeyVault.Key.key.e | String | RSA public exponent. |
| AzureKeyVault.Key.attributes.enabled | Boolean | Determines whether the object is enabled. |
| AzureKeyVault.Key.attributes.created | Date | Creation time in UTC. |
| AzureKeyVault.Key.attributes.updated | Date | Last updated time in UTC. |
| AzureKeyVault.Key.attributes.recoveryLevel | Unknown | Reflects the deletion recovery level currently in effect for keys in the current vault. If it contains 'Purgeable', the key can be permanently deleted by a privileged user; otherwise, only the system can purge the key, at the end of the retention interval. |

Command Example

!azure-key-vault-key-get key_name=test-key-1 vault_name=xsoar-test-vault

Context Example

{
  "AzureKeyVault": {
    "Key": {
      "attributes": {
        "created": "2021-08-11T12:03:16",
        "enabled": true,
        "recoverableDays": 90,
        "recoveryLevel": "Recoverable+Purgeable",
        "updated": "2021-08-11T12:03:16"
      },
      "key": {
        "e": "AQAB",
        "key_ops": [
          "sign",
          "verify",
          "wrapKey",
          "unwrapKey",
          "encrypt",
          "decrypt"
        ],
        "kid": "https://xsoar-test-vault.vault.azure.net/keys/test-key-1/KEY_VERSION",
        "kty": "RSA",
        "n": "XXX-XXXX-XXX"
      },
      "key_vault_name": "xsoar-test-vault",
      "tags": {}
    }
  }
}

Human Readable Output

test-key-1 Information

| Key Id | Enabled | Json Web Key Type | Key Operations | Create Time | Update Time |
| --- | --- | --- | --- | --- | --- |
| https://xsoar-test-vault.vault.azure.net/keys/test-key-1/KEY_VERSION | true | RSA | sign, verify, wrapKey, unwrapKey, encrypt, decrypt | 2021-08-11T12:03:16 | 2021-08-11T12:03:16 |

azure-key-vault-key-list

List keys in the specified vault. For a limit greater than 25, more than one API call is required and the command might take longer. This operation requires the keys/list permission.

Base Command

azure-key-vault-key-list

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| vault_name | The name of the Key Vault where the keys reside. | Required |
| limit | Limit on the number of keys to return. Default value is 50. | Optional |
| offset | First index to retrieve from. Default value is 0. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| AzureKeyVault.Key.kid | String | Key identifier. |
| AzureKeyVault.Key.attributes.enabled | Boolean | Determines whether the object is enabled. |
| AzureKeyVault.Key.attributes.created | Date | Creation time in UTC. |
| AzureKeyVault.Key.attributes.updated | Date | Last updated time in UTC. |
| AzureKeyVault.Key.attributes.recoveryLevel | String | Reflects the deletion recovery level currently in effect for keys in the current vault. If it contains 'Purgeable', the key can be permanently deleted by a privileged user; otherwise, only the system can purge the key, at the end of the retention interval. |
| AzureKeyVault.Key.attributes.recoverableDays | Number | Soft Delete data retention days. Value should be >=7 and <=90 when softDelete enabled, otherwise 0. |

Command Example

!azure-key-vault-key-list vault_name=xsoar-test-vault limit=1

Context Example

{
  "AzureKeyVault": {
    "Key": {
      "attributes": {
        "created": "2021-08-11T12:05:48",
        "enabled": false,
        "exp": "2022-08-11T12:05:48",
        "nbf": "2021-08-11T11:55:48",
        "recoverableDays": 90,
        "recoveryLevel": "Recoverable+Purgeable",
        "updated": "2021-09-05T14:02:13"
      },
      "key_vault_name": "xsoar-test-vault",
      "kid": "https://xsoar-test-vault.vault.azure.net/keys/test-cer-1",
      "managed": true,
      "tags": {}
    }
  }
}

Human Readable Output

xsoar-test-vault Keys List

| Key Id | Enabled | Create Time | Update Time | Expiry Time |
| --- | --- | --- | --- | --- |
| https://xsoar-test-vault.vault.azure.net/keys/test-cer-1 | false | 2021-08-11T12:05:48 | 2021-09-05T14:02:13 | 2022-08-11T12:05:48 |

azure-key-vault-key-delete

Delete a key of any type from storage in Azure Key Vault. This operation requires the keys/delete permission.

Base Command

azure-key-vault-key-delete

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| vault_name | The name of the Key Vault where the key resides. | Required |
| key_name | Key name to delete. | Required |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| AzureKeyVault.Key.recoveryId | String | The URL of the recovery object, used to identify and recover the deleted key. |
| AzureKeyVault.Key.deletedDate | Date | The time when the key was deleted, in UTC. |
| AzureKeyVault.Key.key.kid | String | Key identifier. |
| AzureKeyVault.Key.key.kty | String | JsonWebKey Key Type. |
| AzureKeyVault.Key.key.key_ops | Unknown | Supported key operations. |
| AzureKeyVault.Key.key.n | String | RSA modulus. |
| AzureKeyVault.Key.key.e | String | RSA public exponent. |
| AzureKeyVault.Key.attributes.enabled | Boolean | Determines whether the object is enabled. |
| AzureKeyVault.Key.attributes.created | Number | Creation time in UTC. |
| AzureKeyVault.Key.attributes.updated | Number | Last updated time in UTC. |
| AzureKeyVault.Key.attributes.recoveryLevel | String | Reflects the deletion recovery level currently in effect for keys in the current vault. If it contains 'Purgeable', the key can be permanently deleted by a privileged user; otherwise, only the system can purge the key, at the end of the retention interval. |

Command Example

!azure-key-vault-key-delete key_name=test-key-10 vault_name=xsoar-test-vault

Context Example

{
  "AzureKeyVault": {
    "Key": {
      "attributes": {
        "created": "2021-08-18T07:07:18",
        "enabled": true,
        "exp": "2023-08-18T07:07:03",
        "nbf": "2021-08-18T07:07:03",
        "recoverableDays": 90,
        "recoveryLevel": "Recoverable+Purgeable",
        "updated": "2021-08-18T07:07:18"
      },
      "deletedDate": "2021-11-01T12:52:40",
      "key": {
        "e": "AQAB",
        "key_ops": [
          "sign",
          "verify",
          "wrapKey",
          "unwrapKey",
          "encrypt",
          "decrypt"
        ],
        "kid": "https://xsoar-test-vault.vault.azure.net/keys/test-key-10/KEY_VERSION",
        "kty": "RSA",
        "n": "XXX-XXXX-XXX"
      },
      "key_vault_name": "xsoar-test-vault",
      "recoveryId": "https://xsoar-test-vault.vault.azure.net/deletedkeys/test-key-10",
      "scheduledPurgeDate": "2022-01-30T12:52:40",
      "tags": {}
    }
  }
}

Human Readable Output

Delete test-key-10

| Key Id | Recovery Id | Deleted Date | Scheduled Purge Date |
| --- | --- | --- | --- |
| https://xsoar-test-vault.vault.azure.net/keys/test-key-10/KEY_VERSION | https://xsoar-test-vault.vault.azure.net/deletedkeys/test-key-10 | 2021-11-01T12:52:40 | 2022-01-30T12:52:40 |

azure-key-vault-secret-get

Get a specified secret from a given key vault. The GET operation is applicable to any secret stored in Azure Key Vault. This operation requires the secrets/get permission.

Base Command

azure-key-vault-secret-get

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| vault_name | The name of the Key Vault where the secret resides. | Required |
| secret_name | Secret name. | Required |
| secret_version | Secret version. If not specified, the latest version of the secret is returned. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| AzureKeyVault.Secret.value | String | Secret value. |
| AzureKeyVault.Secret.id | String | Secret ID. |
| AzureKeyVault.Secret.attributes.enabled | Boolean | Determines whether the object is enabled. |
| AzureKeyVault.Secret.attributes.created | Date | Creation time in UTC. |
| AzureKeyVault.Secret.attributes.updated | Date | Last updated time in UTC. |
| AzureKeyVault.Secret.attributes.recoveryLevel | String | Reflects the deletion recovery level currently in effect for secrets in the current vault. If it contains 'Purgeable', the secret can be permanently deleted by a privileged user; otherwise, only the system can purge the secret, at the end of the retention interval. |

Command Example

!azure-key-vault-secret-get secret_name=test-sec-1 vault_name=xsoar-test-vault

Context Example

{
  "AzureKeyVault": {
    "Secret": {
      "attributes": {
        "created": "2021-08-11T12:04:12",
        "enabled": true,
        "exp": "2023-08-11T12:04:06",
        "nbf": "2021-08-11T12:04:06",
        "recoverableDays": 90,
        "recoveryLevel": "Recoverable+Purgeable",
        "updated": "2021-08-17T16:22:57"
      },
      "contentType": "text",
      "id": "https://xsoar-test-vault.vault.azure.net/secrets/test-sec-1/SECRET_VERSION",
      "key_vault_name": "xsoar-test-vault",
      "tags": {},
      "value": "test"
    }
  }
}

Human Readable Output

test-sec-1 Information

| Secret Id | Enabled | Create Time | Update Time | Expiry Time |
| --- | --- | --- | --- | --- |
| https://xsoar-test-vault.vault.azure.net/secrets/test-sec-1/SECRET_VERSION | true | 2021-08-11T12:04:12 | 2021-08-17T16:22:57 | 2023-08-11T12:04:06 |

azure-key-vault-secret-list#


List secrets in a specified key vault. For a limit greater than 25, more than one API call will be required and the command might take longer time. This operation requires the secrets/list permission.

Base Command#

azure-key-vault-secret-list

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| vault_name | The name of the Key Vault in which the secrets reside. | Required |
| limit | Limit on the number of secrets to return. Default value is 50. | Optional |
| offset | First index to retrieve from. Default value is 0. | Optional |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| AzureKeyVault.Secret.id | String | Secret ID. |
| AzureKeyVault.Secret.attributes.enabled | Boolean | Determines whether the object is enabled. |
| AzureKeyVault.Secret.attributes.nbf | Date | Not before date in UTC. |
| AzureKeyVault.Secret.attributes.exp | Date | Expiry date in UTC. |
| AzureKeyVault.Secret.attributes.created | Date | Creation time in UTC. |
| AzureKeyVault.Secret.attributes.updated | Date | Last updated time in UTC. |
| AzureKeyVault.Secret.attributes.recoveryLevel | String | Reflects the deletion recovery level currently in effect for secrets in the current vault. If it contains 'Purgeable', the secret can be permanently deleted by a privileged user; otherwise, only the system can purge the secret, at the end of the retention interval. |
| AzureKeyVault.Secret.attributes.recoverableDays | Number | Soft Delete data retention days. Value should be >=7 and <=90 when softDelete is enabled, otherwise 0. |

Command Example#

!azure-key-vault-secret-list vault_name=xsoar-test-vault limit=1

Context Example#

{
    "AzureKeyVault": {
        "Secret": {
            "attributes": {
                "created": "2021-08-11T12:05:48",
                "enabled": false,
                "exp": "2022-08-11T12:05:48",
                "nbf": "2021-08-11T11:55:48",
                "recoverableDays": 90,
                "recoveryLevel": "Recoverable+Purgeable",
                "updated": "2021-09-05T14:02:13"
            },
            "contentType": "application/x-pkcs12",
            "id": "https://xsoar-test-vault.vault.azure.net/secrets/test-cer-1",
            "key_vault_name": "xsoar-test-vault",
            "managed": true,
            "tags": {}
        }
    }
}

Human Readable Output#

xsoar-test-vault Secrets List#

| Secret Id | Enabled | Create Time | Update Time | Expiry Time |
| --- | --- | --- | --- | --- |
| https://xsoar-test-vault.vault.azure.net/secrets/test-cer-1 | false | 2021-08-11T12:05:48 | 2021-09-05T14:02:13 | 2022-08-11T12:05:48 |

azure-key-vault-secret-delete#


Delete a secret from a specified key vault. This operation requires the secrets/delete permission.

Base Command#

azure-key-vault-secret-delete

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| vault_name | The name of the Key Vault in which the secret resides. | Required |
| secret_name | Secret name to delete. | Required |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| AzureKeyVault.Secret.recoveryId | String | The URL of the recovery object, used to identify and recover the deleted secret. |
| AzureKeyVault.Secret.deletedDate | Date | The time when the secret was deleted, in UTC. |
| AzureKeyVault.Secret.scheduledPurgeDate | Date | The time when the secret is scheduled to be purged, in UTC. |
| AzureKeyVault.Secret.id | String | Deleted secret ID. |
| AzureKeyVault.Secret.attributes.enabled | Boolean | Determines whether the object is enabled. |
| AzureKeyVault.Secret.attributes.created | Date | Creation time in UTC. |
| AzureKeyVault.Secret.attributes.updated | Date | Last updated time in UTC. |
| AzureKeyVault.Secret.attributes.recoveryLevel | String | Reflects the deletion recovery level currently in effect for secrets in the current vault. |

Command Example#

!azure-key-vault-secret-delete secret_name=test-sec-10 vault_name=xsoar-test-vault

Context Example#

{
    "AzureKeyVault": {
        "Secret": {
            "attributes": {
                "created": "2021-08-18T07:08:10",
                "enabled": true,
                "recoverableDays": 90,
                "recoveryLevel": "Recoverable+Purgeable",
                "updated": "2021-08-18T07:08:10"
            },
            "contentType": "aa",
            "deletedDate": "2021-11-01T12:52:54",
            "id": "https://xsoar-test-vault.vault.azure.net/secrets/test-sec-10/SECRET_VERSION",
            "key_vault_name": "xsoar-test-vault",
            "recoveryId": "https://xsoar-test-vault.vault.azure.net/deletedsecrets/test-sec-10",
            "scheduledPurgeDate": "2022-01-30T12:52:54",
            "tags": {}
        }
    }
}

Human Readable Output#

Delete test-sec-10#

| Secret Id | Recovery Id | Deleted Date | Scheduled Purge Date |
| --- | --- | --- | --- |
| https://xsoar-test-vault.vault.azure.net/secrets/test-sec-10/SECRET_VERSION | https://xsoar-test-vault.vault.azure.net/deletedsecrets/test-sec-10 | 2021-11-01T12:52:54 | 2022-01-30T12:52:54 |
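
The attributes returned by the secret commands above (recoveryLevel, recoverableDays, exp, and the deletedDate and scheduledPurgeDate pair) can be reviewed mechanically once they are in context. The following Python is an added example, not part of the integration: the finding labels, the `audit_secret` and `audit_all` helpers and the sample entries are constructed for illustration, and it assumes scheduledPurgeDate equals deletedDate plus recoverableDays, as in the delete example above.

```python
from datetime import datetime, timedelta

# Constructed samples shaped like this page's AzureKeyVault.Secret examples (values omitted).
VAULT = "https://xsoar-test-vault.vault.azure.net/secrets/"
SAMPLE_SECRETS = [
    {"id": VAULT + "test-sec-1",
     "attributes": {"enabled": True, "exp": "2023-08-11T12:04:06",
                    "recoverableDays": 90, "recoveryLevel": "Recoverable+Purgeable"}},
    {"id": VAULT + "constructed-no-exp",
     "attributes": {"enabled": True, "recoverableDays": 0, "recoveryLevel": "Purgeable"}},
    {"id": VAULT + "test-sec-10", "deletedDate": "2021-11-01T12:52:54",
     "scheduledPurgeDate": "2022-01-30T12:52:54",
     "attributes": {"enabled": True, "recoverableDays": 90,
                    "recoveryLevel": "Recoverable+Purgeable"}},
]

def _ts(value):  # timestamp format used in the context examples
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S")

def audit_secret(entry, now):
    """Return finding labels (hypothetical names) for one Secret entry."""
    attrs = entry.get("attributes", {})
    days = attrs.get("recoverableDays", 0)
    findings = []
    if "Purgeable" in attrs.get("recoveryLevel", ""):
        findings.append("purgeable")  # a privileged user can delete it permanently
    if days == 0:
        findings.append("no-soft-delete")  # 0 means soft delete is not enabled
    if "deletedDate" in entry:
        # Assumption: scheduledPurgeDate == deletedDate + recoverableDays.
        purge = _ts(entry["deletedDate"]) + timedelta(days=days)
        if entry.get("scheduledPurgeDate") != purge.isoformat():
            findings.append("purge-date-mismatch")
        elif now < purge:
            findings.append("recoverable-until:" + purge.isoformat())
    elif attrs.get("enabled"):
        if "exp" not in attrs:
            findings.append("no-expiry")  # enabled secret that never expires
        elif _ts(attrs["exp"]) <= now:
            findings.append("expired-but-enabled")
    return findings

def audit_all(entries, now):
    return {e["id"]: audit_secret(e, now) for e in entries}

if __name__ == "__main__":
    for secret_id, found in audit_all(SAMPLE_SECRETS, datetime(2021, 12, 1)).items():
        print(secret_id, found)
```

Passing `now` explicitly keeps the result reproducible; in a scheduled job it would be the current UTC time.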

azure-key-vault-certificate-get#


Gets information about a specific certificate. This operation requires the certificates/get permission.

Base Command#

azure-key-vault-certificate-get

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| vault_name | The name of the Key Vault in which the certificate resides. | Required |
| certificate_name | Certificate name. | Required |
| certificate_version | The version of the certificate. If not specified, the latest version of the certificate is returned. | Optional |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| AzureKeyVault.Certificate.id | String | Certificate ID. |
| AzureKeyVault.Certificate.kid | String | Key ID. |
| AzureKeyVault.Certificate.sid | String | Secret ID. |
| AzureKeyVault.Certificate.x5t | String | Thumbprint of the certificate. |
| AzureKeyVault.Certificate.cer | String | CER contents of x509 certificate. |
| AzureKeyVault.Certificate.attributes.enabled | Boolean | Determines whether the object is enabled. |
| AzureKeyVault.Certificate.attributes.exp | Date | Expiry date in UTC. |
| AzureKeyVault.Certificate.attributes.created | Date | Creation time in UTC. |
| AzureKeyVault.Certificate.attributes.updated | Date | Last updated time in UTC. |
| AzureKeyVault.Certificate.attributes.recoveryLevel | String | Reflects the deletion recovery level currently in effect for certificates in the current vault. If it contains 'Purgeable', the certificate can be permanently deleted by a privileged user; otherwise, only the system can purge the certificate, at the end of the retention interval. |
| AzureKeyVault.Certificate.policy | Unknown | The management policy. |

Command Example#

!azure-key-vault-certificate-get certificate_name=test-cer-1 vault_name=xsoar-test-vault

Context Example#

{
    "AzureKeyVault": {
        "Certificate": {
            "attributes": {
                "created": "2021-08-11T12:05:48",
                "enabled": false,
                "exp": "2022-08-11T12:05:48",
                "nbf": "2021-08-11T11:55:48",
                "recoverableDays": 90,
                "recoveryLevel": "Recoverable+Purgeable",
                "updated": "2021-09-05T14:02:13"
            },
            "cer": "XXXXX-XXXXXX",
            "id": "https://xsoar-test-vault.vault.azure.net/certificates/test-cer-1/CERTIFICATE_VERSION",
            "key_vault_name": "xsoar-test-vault",
            "kid": "https://xsoar-test-vault.vault.azure.net/keys/test-cer-1/CERTIFICATE_VERSION",
            "pending": {
                "id": "https://xsoar-test-vault.vault.azure.net/certificates/test-cer-1/pending"
            },
            "policy": {
                "attributes": {
                    "created": "2021-08-11T12:05:31",
                    "enabled": true,
                    "updated": "2021-08-11T12:05:31"
                },
                "id": "https://xsoar-test-vault.vault.azure.net/certificates/test-cer-1/policy",
                "issuer": {
                    "name": "Self"
                },
                "key_props": {
                    "exportable": true,
                    "key_size": 2048,
                    "kty": "RSA",
                    "reuse_key": false
                },
                "lifetime_actions": [
                    {
                        "action": {
                            "action_type": "AutoRenew"
                        },
                        "trigger": {
                            "lifetime_percentage": 80
                        }
                    }
                ],
                "secret_props": {
                    "contentType": "application/x-pkcs12"
                },
                "x509_props": {
                    "basic_constraints": {
                        "ca": false
                    },
                    "ekus": [
                        "1.3.6.1.5.5.7.3.1",
                        "1.3.6.1.5.5.7.3.2"
                    ],
                    "key_usage": [
                        "digitalSignature",
                        "keyEncipherment"
                    ],
                    "sans": {
                        "dns_names": []
                    },
                    "subject": "CN=test",
                    "validity_months": 12
                }
            },
            "sid": "https://xsoar-test-vault.vault.azure.net/secrets/test-cer-1/CERTIFICATE_VERSION",
            "tags": {},
            "x5t": "XXXX-XXXXX"
        }
    }
}

Human Readable Output#

test-cer-1 Information#

| Certificate Id | Enabled | Create Time | Update Time | Expiry Time |
| --- | --- | --- | --- | --- |
| https://xsoar-test-vault.vault.azure.net/certificates/test-cer-1/CERTIFICATE_VERSION | false | 2021-08-11T12:05:48 | 2021-09-05T14:02:13 | 2022-08-11T12:05:48 |

azure-key-vault-certificate-list#


List certificates in a specified key vault. For a limit greater than 25, more than one API call is required and the command might take longer. This operation requires the certificates/list permission.

Base Command#

azure-key-vault-certificate-list

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| vault_name | The name of the Key Vault in which the certificates reside. | Required |
| limit | Limit on the number of certificates to return. Default value is 50. | Optional |
| offset | First index to retrieve from. Default value is 0. | Optional |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| AzureKeyVault.Certificate.id | String | Certificate ID. |
| AzureKeyVault.Certificate.x5t | String | Thumbprint of the certificate. |
| AzureKeyVault.Certificate.attributes.enabled | Boolean | Determines whether the object is enabled. |
| AzureKeyVault.Certificate.attributes.created | Date | Creation time in UTC. |
| AzureKeyVault.Certificate.attributes.updated | Date | Last updated time in UTC. |

Command Example#

!azure-key-vault-certificate-list vault_name=xsoar-test-vault limit=1

Context Example#

{
    "AzureKeyVault": {
        "Certificate": {
            "attributes": {
                "created": "2021-08-11T12:05:48",
                "enabled": false,
                "exp": "2022-08-11T12:05:48",
                "nbf": "2021-08-11T11:55:48",
                "updated": "2021-09-05T14:02:13"
            },
            "id": "https://xsoar-test-vault.vault.azure.net/certificates/test-cer-1",
            "key_vault_name": "xsoar-test-vault",
            "subject": "",
            "tags": {},
            "x5t": "XXXX-XXXXX"
        }
    }
}

Human Readable Output#

xsoar-test-vault Certificates List#

| Certificate Id | Enabled | Create Time | Update Time | Expiry Time |
| --- | --- | --- | --- | --- |
| https://xsoar-test-vault.vault.azure.net/certificates/test-cer-1 | false | 2021-08-11T12:05:48 | 2021-09-05T14:02:13 | 2022-08-11T12:05:48 |

azure-key-vault-certificate-policy-get#


Get the policy of the specified certificate. This operation requires the certificates/get permission.

Base Command#

azure-key-vault-certificate-policy-get

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| vault_name | The name of the Key Vault in which the certificate resides. | Required |
| certificate_name | The name of the certificate to retrieve the policy from. | Required |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| AzureKeyVault.CertificatePolicy.id | String | Policy ID. |
| AzureKeyVault.CertificatePolicy.key_props | Unknown | Properties of the key backing a certificate. |
| AzureKeyVault.CertificatePolicy.x509_props | Unknown | Properties of the X509 component of a certificate. |
| AzureKeyVault.CertificatePolicy.lifetime_actions | Unknown | Actions that will be performed by Key Vault over the lifetime of a certificate. |
| AzureKeyVault.CertificatePolicy.issuer | Unknown | Parameters for the issuer of the X509 component of a certificate. |
| AzureKeyVault.CertificatePolicy.attributes.enabled | Boolean | Determines whether the object is enabled. |
| AzureKeyVault.CertificatePolicy.attributes.created | Date | Creation time in UTC. |
| AzureKeyVault.CertificatePolicy.attributes.updated | Date | Last updated time in UTC. |

Command Example#

!azure-key-vault-certificate-policy-get certificate_name=test-cer-1 vault_name=xsoar-test-vault

Context Example#

{
    "AzureKeyVault": {
        "CertificatePolicy": {
            "CertificateName": "test-cer-1",
            "attributes": {
                "created": "2021-08-11T12:05:31",
                "enabled": true,
                "updated": "2021-08-11T12:05:31"
            },
            "id": "https://xsoar-test-vault.vault.azure.net/certificates/test-cer-1/policy",
            "issuer": {
                "name": "Self"
            },
            "key_props": {
                "exportable": true,
                "key_size": 2048,
                "kty": "RSA",
                "reuse_key": false
            },
            "lifetime_actions": [
                {
                    "action": {
                        "action_type": "AutoRenew"
                    },
                    "trigger": {
                        "lifetime_percentage": 80
                    }
                }
            ],
            "secret_props": {
                "contentType": "application/x-pkcs12"
            },
            "x509_props": {
                "basic_constraints": {
                    "ca": false
                },
                "ekus": [
                    "1.3.6.1.5.5.7.3.1",
                    "1.3.6.1.5.5.7.3.2"
                ],
                "key_usage": [
                    "digitalSignature",
                    "keyEncipherment"
                ],
                "sans": {
                    "dns_names": []
                },
                "subject": "CN=test",
                "validity_months": 12
            }
        }
    }
}

Human Readable Output#

test-cer-1 Policy Information#

| Id | Key Props | Secret Props | X509 Props | Issuer | Attributes |
| --- | --- | --- | --- | --- | --- |
| https://xsoar-test-vault.vault.azure.net/certificates/test-cer-1/policy | exportable: true<br>kty: RSA<br>key_size: 2048<br>reuse_key: false | contentType: application/x-pkcs12 | subject: CN=test<br>sans: {"dns_names": []}<br>ekus: 1.3.6.1.5.5.7.3.1, 1.3.6.1.5.5.7.3.2<br>key_usage: digitalSignature, keyEncipherment<br>validity_months: 12<br>basic_constraints: {"ca": false} | name: Self | enabled: true<br>created: 2021-08-11T12:05:31<br>updated: 2021-08-11T12:05:31 |