Modules/Scripts/Infrastructure/Vault.ps1
<#
.Synopsis Inventory for Azure Key Vault .DESCRIPTION This script consolidates information for all microsoft.keyvault/vaults and resource provider in $Resources variable. Excel Sheet Name: Vault .Link https://github.com/microsoft/ARI/Modules/Infrastructure/Vault.ps1 .COMPONENT This powershell Module is part of Azure Resource Inventory (ARI) .NOTES Version: 3.0.2 First Release Date: 19th November, 2020 Authors: Claudio Merola and Renato Gregio #> <######## Default Parameters. Don't modify this ########> param($SCPath, $Sub, $Intag, $Resources, $Task ,$File, $SmaResources, $TableStyle, $Unsupported) If ($Task -eq 'Processing') { <######### Insert the resource extraction here ########> $VAULT = $Resources | Where-Object {$_.TYPE -eq 'microsoft.keyvault/vaults'} <######### Insert the resource Process here ########> if($VAULT) { $tmp = @() foreach ($1 in $VAULT) { $ResUCount = 1 $sub1 = $SUB | Where-Object { $_.id -eq $1.subscriptionId } $data = $1.PROPERTIES if([string]::IsNullOrEmpty($Data.enableSoftDelete)){$Soft = $false}else{$Soft = $Data.enableSoftDelete} if([string]::IsNullOrEmpty($data.enableRbacAuthorization)){$RBAC = $false}else{$RBAC = $Data.enableRbacAuthorization} $Tags = if(![string]::IsNullOrEmpty($1.tags.psobject.properties)){$1.tags.psobject.properties}else{'0'} $AccessPol = if(![string]::IsNullOrEmpty($data.accessPolicies)){$data.accessPolicies}else{'0'} Foreach($2 in $AccessPol) { $Secrets = if ($2.permissions.secrets.count -gt 1) { $2.permissions.secrets | ForEach-Object { $_ + ' ,' } }else { $2.permissions.secrets } $Secrets = [string]$Secrets $Secrets = if ($Secrets -like '* ,*') { $Secrets -replace ".$" }else { $Secrets } $Keys = if ($2.permissions.keys.count -gt 1) { $2.permissions.keys | ForEach-Object { $_ + ' ,' } }else { $2.permissions.keys } $Keys = [string]$Keys $Keys = if ($Keys -like '* ,*') { $Keys -replace ".$" }else { $Keys } $Certs = if ($2.permissions.certificates.count -gt 1) { $2.permissions.certificates | ForEach-Object { $_ + ' ,' } }else { $2.permissions.certificates } $Certs = [string]$Certs $Certs = if ($Certs -like '* ,*') { $Certs -replace ".$" }else { $Certs } foreach ($Tag in $Tags) { $obj = @{ 'ID' = $1.id; 'Subscription' = $sub1.Name; 'Resource Group' = $1.RESOURCEGROUP; 'Name' = $1.NAME; 'Location' = $1.LOCATION; 'SKU Family' = $data.sku.family; 'SKU' = $data.sku.name; 'Vault Uri' = $data.vaultUri; 'Public Network Access' = $data.publicnetworkaccess; 'Enable RBAC' = $RBAC; 'Enable Soft Delete' = $Soft; 'Enable for Disk Encryption' = $data.enabledForDiskEncryption; 'Soft Delete Retention Days' = $data.softDeleteRetentionInDays; 'Access Policy ObjectID' = $2.objectid; 'Certificate Permissions' = $Certs; 'Key Permissions' = $Keys; 'Secret Permissions' = $Secrets; 'Resource U' = $ResUCount; 'Tag Name' = [string]$Tag.Name; 'Tag Value' = [string]$Tag.Value } $tmp += $obj if ($ResUCount -eq 1) { $ResUCount = 0 } } } } $tmp } } <######## Resource Excel Reporting Begins Here ########> Else { <######## $SmaResources.(RESOURCE FILE NAME) ##########> if($SmaResources.Vault) { $TableName = ('VaultTable_'+($SmaResources.Vault.id | Select-Object -Unique).count) $Style = New-ExcelStyle -HorizontalAlignment Center -AutoSize -NumberFormat '0' $condtxt = @() $condtxt += New-ConditionalText false -Range J:J $condtxt += New-ConditionalText enabled -Range H:H $Exc = New-Object System.Collections.Generic.List[System.Object] $Exc.Add('Subscription') $Exc.Add('Resource Group') $Exc.Add('Name') $Exc.Add('Location') $Exc.Add('SKU Family') $Exc.Add('SKU') $Exc.Add('Vault Uri') $Exc.Add('Public Network Access') $Exc.Add('Enable RBAC') $Exc.Add('Enable Soft Delete') $Exc.Add('Enable for Disk Encryption') $Exc.Add('Soft Delete Retention Days') $Exc.Add('Access Policy ObjectID') $Exc.Add('Certificate Permissions') $Exc.Add('Key Permissions') $Exc.Add('Secret Permissions') if($InTag) { $Exc.Add('Tag Name') $Exc.Add('Tag Value') } $ExcelVar = $SmaResources.Vault $ExcelVar | ForEach-Object { [PSCustomObject]$_ } | Select-Object -Unique $Exc | Export-Excel -Path $File -WorksheetName 'Key Vaults' -AutoSize -MaxAutoSizeRows 100 -TableName $TableName -TableStyle $tableStyle -ConditionalText $condtxt -Style $Style <######## Insert Column comments and documentations here following this model #########> #Close-ExcelPackage $excel } } |