Managing Azure Reports
CCKM provides options to generate key visibility reports based on:
- Key-related activities between CCKM and Azure Vault
- Track keys by their expiration dates
- What applications are using the keys
Azure reports are categorized as:
- Key Activity Report: Inspect individual Azure key histories by operations, for example, when they were refreshed, rotated, edited, or deleted. Also, use this report to compare key activities between CCKM and Azure Vault.
- Key Aging Report: Track keys by their expiration dates. Audit a range of dates, from past material deletions to future scheduled deletions, within the selected Azure Vault.
- Service/Usage Report: Monitor key usage by tracking services and applications consuming the keys. View when and where a service requests the use of each key.
Prerequisites
For managing Azure reports on CCKM, you need an Azure Log Analytics workspace ID. This ID needs to be configured in the Diagnostic settings of the key vault for which reports need to be generated. To determine the workspace ID:
- Configure a Log Analytics workspace. Refer to Create a Log Analytics workspace in the Azure portal for details.
  Note: The Log Analytics Reader role is required to access the Log Analytics workspace to generate the Azure reports on CCKM. Usually, the role comes via inheritance when the Reader role is assigned to an App on the subscription. If the App does not have the read permission at the subscription level, the read permission should be explicitly provided at the individual resource level (Log Analytics workspace).
- Determine the Workspace ID of the desired Log Analytics workspace. Click the workspace name to view its details including the Workspace ID.
- Navigate to the Key vaults page. This page shows the list of existing Azure key vaults.
- Perform the following steps:
  - Under Name, click the desired key vault. The <key-vault> page is displayed.
  - Click Diagnostic settings > Add diagnostic setting.
  - Specify a Diagnostic setting name.
  - Under Category details, select AuditEvent and AllMetrics.
  - Under Destination details:
    - Select Send to Log Analytics workspace.
    - Select the desired Subscription from the drop-down list.
    - Select the desired Log Analytics workspace from the drop-down list.
  - Save the changes.
The changes may take some time to take effect. After the changes are effective, you can manage Azure reports on CCKM, as described below.
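To confirm the diagnostic setting from a script instead of the portal, the following added example (not part of the CCKM documentation or product) checks JSON exported with `az monitor diagnostic-settings list` for the AuditEvent and AllMetrics categories and the workspace destination. The sample JSON, resource names, and function names are constructed for illustration; the setting identifies the workspace by its Azure resource ID rather than by the Workspace ID entered in CCKM.

```python
import json

# Constructed sample shaped like the output of
# `az monitor diagnostic-settings list --resource <key-vault-resource-id>`.
# Every name and ID here is a placeholder, not a value from the page.
EXPECTED_WORKSPACE = (
    "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/"
    "rg-example/providers/Microsoft.OperationalInsights/workspaces/law-example"
)
SAMPLE = json.loads("""
[
  {"name": "kv-to-law",
   "workspaceId": "%s",
   "logs": [{"category": "AuditEvent", "enabled": true}],
   "metrics": [{"category": "AllMetrics", "enabled": true}]},
  {"name": "kv-to-storage",
   "workspaceId": null,
   "logs": [{"category": "AuditEvent", "enabled": true}],
   "metrics": []}
]
""" % EXPECTED_WORKSPACE)

# Categories the procedure above tells you to select.
REQUIRED = {"logs": "AuditEvent", "metrics": "AllMetrics"}


def check_setting(setting, workspace_resource_id):
    """Return the list of unmet prerequisites for one diagnostic setting."""
    problems = []
    # The setting stores the workspace's ARM resource ID; compare case-insensitively.
    if (setting.get("workspaceId") or "").lower() != workspace_resource_id.lower():
        problems.append("not sent to the expected Log Analytics workspace")
    for section, category in REQUIRED.items():
        entries = setting.get(section) or []
        if not any(e.get("category") == category and e.get("enabled") for e in entries):
            problems.append(f"{category} not enabled")
    return problems


def vault_is_ready(settings, workspace_resource_id):
    """True if at least one diagnostic setting meets every prerequisite."""
    if isinstance(settings, dict):  # tolerate a {"value": [...]} wrapper
        settings = settings.get("value", [])
    return any(not check_setting(s, workspace_resource_id) for s in settings)


if __name__ == "__main__":
    for s in SAMPLE:
        print(s["name"], check_setting(s, EXPECTED_WORKSPACE) or "OK")
```

A setting that enables logs through a category group instead of the AuditEvent category is reported as not enabled, because the check follows the selection named in the steps above.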
Creating Azure Reports
CCKM users with the Add Report permission can create reports.
To create an Azure report:
- Open the Cloud Key Manager application.
- In the left pane, click Reports > Azure. The Azure Reports page is displayed.
- Click Add Report. The Choose Report Type and Name screen of the Add Azure Report wizard is displayed.
- Select a report type. The options are:
  - Key Activity Report
  - Key Aging Report
  - Service/Usage Report
- Specify a Report Name. This is a mandatory field.
- Click Next. The Select Analytics Parameters screen of the wizard is displayed.
- Select an Azure Vault from the drop-down list. The list shows the available Azure key vaults with their types specified in parentheses. The Azure key vault types are Standard, Premium, and ManagedHSM.
- (Not applicable to Key Aging Report) Specify a Workspace ID. Refer to Prerequisites for instructions to determine the Workspace ID.
- Click Add. The selected Azure Vault is displayed under Selected Log Analytics Parameters. Add more vaults, if required.
- Click Next. The Set Start and End Dates screen of the wizard is displayed.
- In the Include Entries From field, specify the start date and time for the report.
  - Click the field and select the date and time on the on-screen calendar.
  - Alternatively, enter the time in MM/DD/YYYY HH:MM format.
- In the To field, specify the end date and time for the report.
- Click Save.
A success message Created
Viewing Azure Reports
CCKM users with the View Report permission can view reports.
The Azure Reports page displays the list of existing reports. Filter the reports by their names.
To view existing Azure reports:
- Open the Cloud Key Manager application.
- In the left pane, click Reports > Azure. The list of available reports is displayed. The following details of the reports are displayed:

| Column Name | Description |
|---|---|
| Report Name | Name of the report. |
| Run Date | When the report is run. |
| Type | Type of the report. The type can be: Key Activity Report, Key Aging Report, or Service/Usage Report. |
| Start Date | Start date from when the report is generated. If a report is run now, its status becomes Running Now. |
| End Date | End date for the report. |
Viewing Details of an Azure Report
CCKM users with the View Report permission can view reports.
To view the details of an Azure report:
- Open the Cloud Key Manager application.
- In the left pane, click Reports > Azure. The list of available reports is displayed.
- Click the desired Report Name link. The details of the report are displayed.
  Alternatively, click the overflow icon corresponding to the desired alias and click View.
Downloading Azure Reports
CCKM users with the Download Report permission can download reports.
To download an Azure report as a CSV file:
- Open the Cloud Key Manager application.
- In the left pane, click Reports > Azure. The list of available reports is displayed.
- Click the overflow icon corresponding to the desired alias and click Download.
  Alternatively, click the desired report under Report Name, and click Download CSV in the detail view.
The report is downloaded as a CSV file.
Deleting Azure Reports
CCKM users with the Delete Report permission can delete reports.
To delete an Azure report:
- Open the Cloud Key Manager application.
- In the left pane, click Reports > Azure. The list of available reports is displayed.
- Click the overflow icon corresponding to the desired alias and click Delete. The Confirm Delete Report message is displayed.
- Click Delete Report.
The report is removed from the list of reports.