Control: Kubernetes clusters key vault secret rotation should be enabled
Description
This control checks if key vault secret rotation should is enabled for Kubernetes cluster.
Usage
Run the control in your terminal:
powerpipe control run azure_compliance.control.kubernetes_cluster_key_vault_secret_rotation_enabledSnapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run azure_compliance.control.kubernetes_cluster_key_vault_secret_rotation_enabled --shareSQL
This control uses a named query:
select c.id as resource, case when addon_profiles -> 'azureKeyvaultSecretsProvider' -> 'config' ->> 'enableSecretRotation' = 'true' then 'ok' else 'alarm' end as status, case when addon_profiles -> 'azureKeyvaultSecretsProvider' -> 'config' ->> 'enableSecretRotation' = 'true' then c.name || ' key vault secret rotation enabled.' else c.name || ' key vault secret rotation disabled.' end as reason , c.resource_group as resource_group , sub.display_name as subscriptionfrom azure_kubernetes_cluster c, azure_subscription subwhere sub.subscription_id = c.subscription_id;