Azure Event Grid - Easily setting up automated notifications about expired Azure Key Vault Secrets
Mathias Weber
Data Architect and Author of the Book "Other People's Software Endeavours"
Motivation
From my project experience I am aware that expired credentials can cause big issues, e.g. when a workflow on Databricks is not able to access a Data Lake storage and fails. Therefore, it would be helpful to get automatically notified when credentials expire or when they are about to expire. Implementing this is not impossible; however, I did not want to spend too much time on this side issue and was looking for a quick fix. I think I found it, and I would like to share how I did it making use of Azure Event Grid.
Prerequisites
On the one hand, the credentials which will eventually expire are being kept in an Azure Key Vault resource. Within Azure Key Vault they are referred to as "secrets", so I will use this naming in the remainder of the article. On the other hand, the notifications will be sent via an Azure Logic App workflow triggered by an HTTP request. The integration between those two resources will be realized by Azure Event Grid.
Step-by-Step
Let's have a look at how to easily and quickly implement an example.
Step 1 - Register the namespace Microsoft.EventGrid in your subscription
Step 2 - Go to your Azure Key Vault resource, navigate to Events and click on "+ Event Subscription"
Step 3 - Configure the Event Subscription as shown below
Step 4 - Select Web Hook as an endpoint and provide the "HTTP POST URL" from your Logic App
Step 5 - Have your Logic App workflow send an e-mail after being triggered by an HTTP request
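To show what the webhook from step 4 delivers and how it can be turned into the e-mail of step 5, here is an added example in Python; it is not part of the original article, and the Logic App itself would do the same with workflow expressions. It assumes the subscription selects the SecretNearExpiry and SecretExpired event types and that the body follows the Event Grid schema for Key Vault; the vault name, secret names and sample values are constructed.

```python
import json
from datetime import datetime, timezone

# Event types assumed to be selected in the event subscription (step 3).
EXPIRY_EVENTS = {
    "Microsoft.KeyVault.SecretNearExpiry": "is about to expire",
    "Microsoft.KeyVault.SecretExpired": "has expired",
}

def _event(event_type, name, exp):
    """Build one constructed sample event in the Event Grid schema."""
    return {
        "id": "00000000-0000-0000-0000-000000000000",
        "subject": name,
        "eventType": event_type,
        "eventTime": "2025-12-02T00:00:00Z",
        "data": {"Id": f"https://example-kv.vault.azure.net/secrets/{name}/0123abcd",
                 "VaultName": "example-kv", "ObjectType": "Secret",
                 "ObjectName": name, "Version": "0123abcd", "EXP": exp},
        "dataVersion": "1",
    }

# Constructed sample delivery, not captured from a real vault.
SAMPLE_BODY = json.dumps([
    _event("Microsoft.KeyVault.SecretNearExpiry", "datalake-sp-secret", "1767225600"),
    _event("Microsoft.KeyVault.SecretNewVersionCreated", "other-secret", "1767225600"),
    _event("Microsoft.KeyVault.SecretExpired", "old-api-key", 1764547200),
])

def build_notifications(body, now=None):
    """Return one e-mail dict per secret-expiry event in a webhook delivery."""
    now = now or datetime.now(timezone.utc)
    events = json.loads(body)
    if isinstance(events, dict):      # tolerate a single unwrapped event
        events = [events]
    mails = []
    for ev in events:
        status = EXPIRY_EVENTS.get(ev.get("eventType"))
        data = ev.get("data") or {}
        if status is None or data.get("ObjectType") != "Secret":
            continue                  # e.g. new versions, keys, certificates
        expires = datetime.fromtimestamp(int(data["EXP"]), tz=timezone.utc)
        mails.append({
            "subject": f"[{data['VaultName']}] Secret '{data['ObjectName']}' {status}",
            "expires_utc": expires.isoformat(),
            "days_left": int((expires - now).total_seconds() // 86400),
        })
    return mails
```

The event carries only metadata about the secret (vault, name, version, expiry), never the secret value, so the resulting e-mail can be sent without exposing the credential.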
Wrap-Up
The implementation was pretty fast and did not require lots of deep technical knowledge. Also, you may use other Azure Events to trigger notifications or workflows. It does not have to be related to expired secrets. For example, you might want to get notified when somebody changes the name of a directory in your storage account.
Have fun using Azure Event Grid and feel free to reach out for questions related to the article.