Add Access Policy for Key Vault Attributes
Trend Vision One™ – Cloud Posture needs permission to list Key Vault Attributes
and Secrets in your Azure account so that certain rules can run successfully on
the Cloud Posture platform.
You will need to set up:
Procedure
- From Azure Home, go to Key Vaults.
- Navigate to the vault containing the keys and secrets that you want the rule to monitor.
- Go to the Access policies section and click the +Add Access policy button.
- To set up Key permissions:
  - For Key permissions, select List from the dropdown.
  - Under Key Management Operations, check List.
- To set up Secret permissions:
  - For Secret permissions, select List from the dropdown.
  - Under Secret Management Operations, select List.
- To set up Certificate permissions:
  - For Certificate permissions, select List from the dropdown.
  - Under Certificate Management Operations, select List.
- Select the App registration that you set up in the Setup an Azure App registration step as the Principal.
- Click Select in the bottom right corner.
- Click Add.
- Click Save on the next page.
What to do next
Once you save the changes, a notification is displayed in the top right corner of
the screen confirming the key vault update.
Firewall-Enabled Key Vaults
For Key Vaults that have the firewall enabled, you need to add the Cloud Posture
IPv4 addresses so that the API calls Cloud Posture makes for Key Vault rules are
allowed.
- From Azure Home, go to Key Vaults.
- Navigate to the vault containing the keys and secrets that you want the rule to monitor.
- Go to the Networking section in the left navigation.
- Under the Firewall section, add the following IPv4 addresses or CIDR blocks:

| Region | Addresses |
|---|---|
| us-west-2 (Oregon) | |
| ap-southeast-2 (Sydney) | |
| eu-west-1 (Ireland) | |
| ca-central-1 (Canada) | |
| ap-southeast-1 (Singapore) | |
| eu-central-1, CloudOne Germany (de-1) | |
| ap-northeast-1, CloudOne Japan (jp-1) | |
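
To confirm the result of both procedures above, the following added example (not Trend Micro's code) audits a vault's JSON as returned by `az keyvault show`: it checks that the principal holds List on keys, secrets and certificates and nothing more, and that the required CIDR blocks are present when the firewall denies by default. The object ID and CIDR block are constructed placeholders, since the addresses are not listed on this page, and `audit_vault` is a hypothetical helper name.

```python
import json

# Constructed sample shaped like `az keyvault show` output; the ID and CIDR are placeholders.
SAMPLE_VAULT = json.loads("""
{
  "name": "example-vault",
  "properties": {
    "accessPolicies": [
      {"objectId": "00000000-0000-0000-0000-00000000c0de",
       "permissions": {"keys": ["List"], "secrets": ["list"],
                       "certificates": ["list"], "storage": []}}
    ],
    "networkAcls": {"defaultAction": "Deny",
                    "ipRules": [{"value": "203.0.113.0/24"}]}
  }
}
""")

# What the procedure grants: List only, for each of the three object types.
REQUIRED = {"keys": {"list"}, "secrets": {"list"}, "certificates": {"list"}}

def audit_vault(vault, principal_object_id, required_cidrs=()):
    """Return a list of findings; an empty list means the vault matches the procedure."""
    props = vault.get("properties", {})
    findings = []
    policies = [p for p in props.get("accessPolicies") or []
                if p.get("objectId", "").lower() == principal_object_id.lower()]
    if not policies:
        return ["no access policy for principal " + principal_object_id]
    granted = {}
    for policy in policies:
        for kind, perms in (policy.get("permissions") or {}).items():
            # Permission names may come back as "List" or "list"; compare lowercased.
            granted.setdefault(kind, set()).update(p.lower() for p in perms or [])
    for kind, needed in REQUIRED.items():
        missing = needed - granted.get(kind, set())
        if missing:
            findings.append(f"{kind}: missing {sorted(missing)}")
    for kind, perms in granted.items():
        extra = perms - REQUIRED.get(kind, set())
        if extra:  # least privilege: anything beyond List is flagged
            findings.append(f"{kind}: more than List granted {sorted(extra)}")
    acls = props.get("networkAcls") or {}
    if acls.get("defaultAction", "Allow").lower() == "deny":
        allowed = {r.get("value") for r in acls.get("ipRules") or []}
        for cidr in required_cidrs:  # exact string match against the rule values
            if cidr not in allowed:
                findings.append(f"firewall: {cidr} not in ipRules")
    return findings
```

Pass the object ID of the service principal behind the App registration, and the CIDR blocks from the table for your region, as `required_cidrs`.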