As you know, with Azure Key Vault you can save various credentials details, including certificates used by your application or your Azure infrastructure services.
With the increase of certificates use, you may have more and more certificates saved into your Key Vault, making it more complicated to manage.
Well, good new, new policies have been added to help you in your certificates management stored on Azure Key Vault. With these new policies, you can manage your certificates using the following tagging options:
- Issuer Policy: Flag certificates that are (or are not) issued by a particular issuer
- Key Type Policy: Flag certificates that are (or are not) protected by a RSA or ECC key pairs
- Key Size Policy: Flag certificates that are (or are not protected) by a key of a certain size
- Expiry Policy: Flag certificates that are (or are not) renewed within “X” number of days of their expiry date
- Validity Lifespan Policy: Flag certificates that have (or do not have) Validity Lifespan that is less than, or more than, or equal to “X” number of years
To start using these new policies, logon to your Azure portal (https://portal.azure.com/) and reach out to the Policy configuration blade
Then access the Definition blade, available below the Authoring section
Filter the available policy by searching for Policy as definition type and Key Vault as category
Then assign the policy/policies you want to implement for your certificates in your Key Vault.