Azure Resource Graph sample queries for Azure Key Vault

This page is a collection of Azure Resource Graph sample queries for Azure Key Vault.

Sample queries

Count key vault resources

This query uses count instead of summarize to count the number of records returned. Only key vaults are included in the count.

Resources
| where type =~ 'microsoft.keyvault/vaults'
| count
az graph query -q "Resources | where type =~ 'microsoft.keyvault/vaults' | count"

Key vaults with subscription name

The following query shows a complex use of join with kind as leftouter. The query limits the joined table to subscriptions resources and with project to include only the original field subscriptionId and the name field renamed to SubName. The field rename avoids join adding it as name1 since the field already exists in resources. The original table is filtered with where and the following project includes columns from both tables. The query result is all key vaults displaying type, the name of the key vault, and the name of the subscription it's in.

Resources
| join kind=leftouter (ResourceContainers | where type=='microsoft.resources/subscriptions' | project SubName=name, subscriptionId) on subscriptionId
| where type == 'microsoft.keyvault/vaults'
| project type, name, SubName
az graph query -q "Resources | join kind=leftouter (ResourceContainers | where type=='microsoft.resources/subscriptions' | project SubName=name, subscriptionId) on subscriptionId | where type == 'microsoft.keyvault/vaults' | project type, name, SubName"

Next steps