Proactively monitor and audit Azure Key Vault resources for expired or soon-to-expire keys, secrets, and certificates. Use this skill for security compliance, preventing service disruptions, and maintaining key vault hygiene through expiration tracking and reporting.
View on GitHub: microsoft/GitHub-Copilot-for-Azure
azure
February 1, 2026
npx add-skill https://github.com/microsoft/GitHub-Copilot-for-Azure/blob/main/plugin/skills/azure-keyvault-expiration-audit/SKILL.md -a claude-code --skill azure-keyvault-expiration-audit

Installation paths:
.claude/skills/azure-keyvault-expiration-audit/

# Key Vault Expiration Audit & Compliance

Automated auditing of Azure Key Vault resources to identify expired or expiring keys, secrets, and certificates before they cause service disruptions.

## Skill Activation Triggers

**Use this skill immediately when the user asks to:**

- "Show me expired certificates/keys/secrets in my Key Vault"
- "Check what's expiring in the next 30 days"
- "Audit my Key Vault for compliance"
- "Find secrets without expiration dates"
- "Generate a security report for my Key Vault"
- "Which keys have expired in production?"
- "Check certificate expiration dates"

**Key Indicators:**

- Mentions "expired", "expiring", or "expiration" with Key Vault
- Compliance audit or security review requests
- Questions about Key Vault resource lifecycle
- Requests to find resources without expiration dates
- Pre-deployment security checks

## Overview

This skill monitors Azure Key Vault resources (keys, secrets, certificates) for expiration issues. It helps prevent service disruptions by identifying:

- **Expired resources** causing active problems
- **Expiring soon** (within customizable days threshold)
- **Missing expiration dates** (security risk)
- **Disabled resources** needing cleanup

## Core Workflow

1. **List Resources**: Enumerate keys, secrets, and certificates in target vault(s)
2. **Get Details**: Retrieve expiration metadata for each resource
3. **Analyze Status**: Compare expiration dates against current date and threshold
4. **Generate Report**: Organize findings by priority with actionable recommendations

## Audit Patterns

### Pattern 1: Single Vault Quick Scan

Check one Key Vault for all expiration issues with configurable day threshold (default: 30 days).
**Tools**: `keyvault_key_list`, `keyvault_key_get`, `keyvault_secret_list`, `keyvault_secret_get`, `keyvault_certificate_list`, `keyvault_certificate_get`

### Pattern 2: Multi-Vault Compliance Report

Scan multiple vaults across subscription for comprehensive security review.

**
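The "Analyze Status" and "Generate Report" steps of the Core Workflow, as an added example (not code from the skill or its repository): it sorts items into the four finding types named in the Overview. The record shape (an `attributes` object with `enabled` and an ISO 8601 `expires`) is assumed from Azure CLI list output, and all names and dates are constructed.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample records (not real vault contents). Assumed shape: the
# `attributes` object of Azure CLI list output (`enabled`, ISO 8601 `expires`).
SAMPLE_ITEMS = [
    {"type": "secret", "name": "db-password", "attributes": {"enabled": True, "expires": "2026-01-15T00:00:00+00:00"}},
    {"type": "certificate", "name": "api-tls", "attributes": {"enabled": True, "expires": "2026-02-20T00:00:00Z"}},
    {"type": "key", "name": "signing-key", "attributes": {"enabled": True, "expires": None}},
    {"type": "secret", "name": "legacy-token", "attributes": {"enabled": False, "expires": "2025-06-01T00:00:00+00:00"}},
    {"type": "key", "name": "backup-key", "attributes": {"enabled": True, "expires": "2026-12-01T00:00:00+00:00"}},
]

# Report order: findings that can cause an outage first.
PRIORITY = ["expired", "expiring_soon", "no_expiration", "disabled", "ok"]


def classify(item, now, threshold_days=30):
    """Return the finding type for one key, secret, or certificate record."""
    attrs = item.get("attributes") or {}
    # Assumption: a disabled item is a cleanup finding even if it is also
    # past its expiry, because it is no longer served to callers.
    if not attrs.get("enabled", True):
        return "disabled"
    expires = attrs.get("expires")
    if not expires:
        return "no_expiration"
    # fromisoformat() rejects a trailing "Z" before Python 3.11, so normalize it.
    expiry = datetime.fromisoformat(expires.replace("Z", "+00:00"))
    if expiry.tzinfo is None:
        expiry = expiry.replace(tzinfo=timezone.utc)  # treat naive timestamps as UTC
    if expiry <= now:
        return "expired"
    if expiry - now <= timedelta(days=threshold_days):
        return "expiring_soon"
    return "ok"


def audit(items, now=None, threshold_days=30):
    """Group items by finding type, in priority order."""
    now = now or datetime.now(timezone.utc)
    report = {status: [] for status in PRIORITY}
    for item in items:
        report[classify(item, now, threshold_days)].append(f"{item['type']}/{item['name']}")
    return report


if __name__ == "__main__":
    for status, names in audit(SAMPLE_ITEMS, now=datetime(2026, 2, 1, tzinfo=timezone.utc)).items():
        print(f"{status}: {', '.join(names) or '-'}")
```
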