Azure Policy not supporting KeyVault Secrets


As per the doc, Azure Policy now supports KeyVault secrets. I have tried to apply the Tag policy "Require a tag on resources" by selecting the KeyVault & Secrets, but unfortunately, it applied only to the KeyVault, not to the Secret. Am I missing anything here to apply the policy?

1 Reply
Azure Policy supports the enforcement of certain configurations and compliance requirements on Azure resources, including KeyVaults.

Azure Policy operates at the resource level, which means you can apply policies on the KeyVault resource itself. For example, you can enforce policies on KeyVault properties, such as access policies, SKU, or network settings. However, policies directly targeting individual secrets within a KeyVault are not natively supported.

To enforce policies on secrets stored within a KeyVault, you may need to use alternative methods. One approach is to utilize Azure Resource Manager (ARM) templates and define the desired state for your KeyVault secrets within the template. By deploying or updating the KeyVault using the template, you can enforce the desired policies on the secrets.

Since my knowledge is not up-to-date, it is possible that Azure Policy has evolved since my last update. I recommend referring to the Azure Policy documentation and checking for any recent updates or features that may have been introduced to support policies on KeyVault secrets directly.
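An added example of the template-based approach the reply describes, not code from either poster: an ARM template that declares a secret inside an existing vault together with the tag the asker wants enforced. The vault name, secret name, tag name (`costCenter`) and expiry value are placeholders to be supplied at deployment time.

```json
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "vaultName": {
      "type": "string",
      "metadata": { "description": "Name of an existing Key Vault (placeholder)." }
    },
    "secretName": {
      "type": "string",
      "defaultValue": "db-password",
      "metadata": { "description": "Secret to create or update (placeholder)." }
    },
    "secretValue": {
      "type": "securestring",
      "metadata": { "description": "Passed at deploy time; never stored in the template." }
    },
    "costCenter": {
      "type": "string",
      "metadata": { "description": "Tag value required by the organisation (assumed tag name)." }
    },
    "expiresOn": {
      "type": "int",
      "metadata": { "description": "Unix epoch seconds after which the secret is no longer valid." }
    }
  },
  "resources": [
    {
      "type": "Microsoft.KeyVault/vaults/secrets",
      "apiVersion": "2022-07-01",
      "name": "[format('{0}/{1}', parameters('vaultName'), parameters('secretName'))]",
      "tags": {
        "costCenter": "[parameters('costCenter')]"
      },
      "properties": {
        "value": "[parameters('secretValue')]",
        "contentType": "text/plain",
        "attributes": {
          "enabled": true,
          "exp": "[parameters('expiresOn')]"
        }
      }
    }
  ]
}
```

Deploying it with `az deployment group create --resource-group <rg> --template-file secret.json --parameters vaultName=<vault> secretValue=<value> costCenter=<cc> expiresOn=<epoch>` writes the tag and expiry onto the secret itself, which is the part the resource-level tag policy did not reach.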