Azure Key Vault as Event Grid source
This article provides the properties and schema for events in Azure Key Vault. For an introduction to event schemas, see Azure Event Grid event schema and Cloud event schema.
Available event types
An Azure Key Vault account generates the following event types:
Event full name | Event display name | Description |
---|---|---|
Microsoft.KeyVault.CertificateNewVersionCreated | Certificate New Version Created | Triggered when a new certificate or new certificate version is created. |
Microsoft.KeyVault.CertificateNearExpiry | Certificate Near Expiry | Triggered when the current version of a certificate is about to expire. (The event is triggered 30 days before the expiration date.) |
Microsoft.KeyVault.CertificateExpired | Certificate Expired | Triggered when the current version of a certificate is expired. |
Microsoft.KeyVault.KeyNewVersionCreated | Key New Version Created | Triggered when a new key or new key version is created. |
Microsoft.KeyVault.KeyNearExpiry | Key Near Expiry | Triggered when the current version of a key is about to expire. The event time can be configured using a key rotation policy. |
Microsoft.KeyVault.KeyExpired | Key Expired | Triggered when the current version of a key is expired. |
Microsoft.KeyVault.SecretNewVersionCreated | Secret New Version Created | Triggered when a new secret or new secret version is created. |
Microsoft.KeyVault.SecretNearExpiry | Secret Near Expiry | Triggered when the current version of a secret is about to expire. (The event is triggered 30 days before the expiration date.) |
Microsoft.KeyVault.SecretExpired | Secret Expired | Triggered when the current version of a secret is expired. |
Microsoft.KeyVault.VaultAccessPolicyChanged | Vault Access Policy Changed | Triggered when an access policy on Key Vault is changed. This includes the scenario where the Key Vault permission model is changed to or from Azure role-based access control. |
Event examples
The following example shows the schema for Microsoft.KeyVault.SecretNewVersionCreated:
[
  {
    "id": "00eccf70-95a7-4e7c-8299-2eb17ee9ad64",
    "source": "/subscriptions/{subscription-id}/resourceGroups/sample-rg/providers/Microsoft.KeyVault/vaults/sample-kv",
    "subject": "newsecret",
    "type": "Microsoft.KeyVault.SecretNewVersionCreated",
    "time": "2019-07-25T01:08:33.1036736Z",
    "data": {
      "Id": "https://sample-kv.vault.azure.cn/secrets/newsecret/ee059b2bb5bc48398a53b168c6cdcb10",
      "VaultName": "sample-kv",
      "ObjectType": "Secret",
      "ObjectName": "newsecret",
      "Version": "ee059b2bb5bc48398a53b168c6cdcb10",
      "NBF": "1559081980",
      "EXP": "1559082102"
    },
    "specversion": "1.0"
  }
]
Event properties
An event has the following top-level data:
Property | Type | Description |
---|---|---|
source | string | Full resource path to the event source. This field isn't writeable. Event Grid provides this value. |
subject | string | Publisher-defined path to the event subject. |
type | string | One of the registered event types for this event source. |
time | string | The time the event is generated based on the provider's UTC time. |
id | string | Unique identifier for the event. |
data | object | Key Vault event data. |
specversion | string | CloudEvents schema specification version. |
The data object has the following properties:
Property | Type | Description |
---|---|---|
Id | string | The ID of the object that triggered this event |
VaultName | string | The key vault name of the object that triggered this event |
ObjectType | string | The type of the object that triggered this event |
ObjectName | string | The name of the object that triggered this event |
Version | string | The version of the object that triggered this event |
NBF | number | The not-before date in seconds since 1970-01-01T00:00:00Z of the object that triggered this event |
EXP | number | The expiration date in seconds since 1970-01-01T00:00:00Z of the object that triggered this event |
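The following handler sketch is an added example, not code from the Key Vault or Event Grid documentation. It parses the sample event above, rejects event types that are not in the table on this page, and converts NBF and EXP to UTC timestamps. The function names, the triage labels, and the check that the vault in `source` agrees with `VaultName` are assumptions made for the example.

```python
import json
from datetime import datetime, timezone

PREFIX = "Microsoft.KeyVault."
# Event names come from the table on this page; the triage labels are assumptions.
TRIAGE = {"VaultAccessPolicyChanged": "review-access-change"}
for kind in ("Certificate", "Key", "Secret"):
    TRIAGE[kind + "NewVersionCreated"] = "inventory"
    TRIAGE[kind + "NearExpiry"] = "rotate-soon"
    TRIAGE[kind + "Expired"] = "outage-risk"

def _epoch(value):
    # NBF/EXP are documented as numbers, but the sample carries strings: accept both.
    if value in (None, ""):
        return None
    return datetime.fromtimestamp(int(value), tz=timezone.utc)

def triage(event):
    etype = event.get("type", "")
    short = etype[len(PREFIX):] if etype.startswith(PREFIX) else None
    if short not in TRIAGE:
        raise ValueError(f"unexpected event type: {etype!r}")
    data = event.get("data") or {}
    # In the sample, the last segment of "source" equals data.VaultName; flag a mismatch.
    source_vault = event.get("source", "").rstrip("/").rsplit("/", 1)[-1]
    nbf, exp = _epoch(data.get("NBF")), _epoch(data.get("EXP"))
    return {
        "action": TRIAGE[short],
        "vault": source_vault,
        "vault_matches_data": data.get("VaultName") in (None, source_vault),
        "object": (data.get("ObjectType"), data.get("ObjectName"), data.get("Version")),
        "not_before": nbf,
        "expires": exp,
        "lifetime_seconds": int((exp - nbf).total_seconds()) if nbf and exp else None,
    }

# Sample input embedded for the example: the event shown on this page, placeholder kept.
SAMPLE = json.loads("""[{
  "id": "00eccf70-95a7-4e7c-8299-2eb17ee9ad64", "subject": "newsecret",
  "source": "/subscriptions/{subscription-id}/resourceGroups/sample-rg/providers/Microsoft.KeyVault/vaults/sample-kv",
  "type": "Microsoft.KeyVault.SecretNewVersionCreated",
  "time": "2019-07-25T01:08:33.1036736Z",
  "data": {"Id": "https://sample-kv.vault.azure.cn/secrets/newsecret/ee059b2bb5bc48398a53b168c6cdcb10",
           "VaultName": "sample-kv", "ObjectType": "Secret", "ObjectName": "newsecret",
           "Version": "ee059b2bb5bc48398a53b168c6cdcb10", "NBF": "1559081980", "EXP": "1559082102"},
  "specversion": "1.0"
}]""")

print(triage(SAMPLE[0]))
```

For the sample event, the computed lifetime between NBF and EXP is 122 seconds, which a handler could compare against an expected minimum before treating the secret as usable.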
Next steps
- For an introduction to Azure Event Grid, see What is Event Grid?.
- For more information about how to create an Azure Event Grid subscription, see Event Grid subscription schema.
- For more information about Key Vault, see What is Azure Key Vault?