| 1 | +--- |
| 2 | +title: Email when Key Vault status of the secret changes |
| 3 | +description: Guide to use Logic Apps to respond to Key Vault secrets changes |
| 4 | +services: key-vault |
| 5 | +author: msmbaldwin |
| 6 | +manager: rkarlin |
| 7 | +tags: azure-resource-manager |
| 8 | + |
| 9 | +ms.service: key-vault |
| 10 | +ms.topic: tutorial |
| 11 | +ms.date: 11/11/2019 |
| 12 | +ms.author: mbaldwin |
| 13 | + |
| 14 | +--- |
| 15 | +# Use Logic Apps to receive email about status changes of key vault secrets |
| 16 | + |
| 17 | +In this guide you will learn how to respond to Azure Key Vault events that are received via [Azure Event Grid](../event-grid/index.yml) by using [Azure Logic Apps](../logic-apps/index.yml). By the end, you will have an Azure logic app set up to send a notification email every time a secret is created in Azure Key Vault. |
| 18 | + |
| 19 | +For an overview of Azure Key Vault / Azure Event Grid integration, see [Monitoring Key Vault with Azure Event Grid (preview)](event-grid-overview.md). |
| 20 | + |
| 21 | +## Prerequisites |
| 22 | + |
| 23 | +- An email account from any email provider that is supported by Azure Logic Apps (such as Office 365 Outlook). This email account is used to send the event notifications. For a complete list of supported Logic App connectors, see the [Connectors overview](/connectors) |
| 24 | +- An Azure subscription. If you don't have an Azure subscription, create a [free account](https://azure.microsoft.com/free/?WT.mc_id=A261C142F) before you begin. |
| 25 | +- A key vault in your Azure Subscription. You can quickly create a new key vault by following the steps in [Set and retrieve a secret from Azure Key Vault using Azure CLI](quick-create-cli.md). |
| 26 | + |
| 27 | +## Create a Logic App via Event Grid |
| 28 | + |
| 29 | +First, create Logic App with event grid handler and subscribe to Azure Key Vault "SecretNewVersionCreated" events. |
| 30 | + |
| 31 | +To create an Azure Event Grid subscription, follow these steps: |
| 32 | + |
| 33 | +1. Open the Azure portal using the following link: https://portal.azure.com/?Microsoft_Azure_KeyVault_ShowEvents=true&Microsoft_Azure_EventGrid_publisherPreview=true |
| 34 | +1. In the Azure portal, go to your key vault, select **Events > Get Started** and click **Logic Apps** |
| 35 | + |
| 36 | + |
| 37 | +  |
| 38 | + |
| 39 | +1. On **Logic Apps Designer** validate the connection and click **Continue** |
| 40 | + |
| 41 | +  |
| 42 | + |
| 43 | +1. On the **When a a resource event occurs** screen, do the following: |
| 44 | + - Leave **Subscription** and **Resource Name** as default. |
| 45 | + - Select **Microsoft.KeyVault.vaults** for the **Resource Type**. |
| 46 | + - Select **Microsoft.KeyVault.SecretNewVersionCreated** for **Event Type Item - 1**. |
| 47 | + |
| 48 | +  |
| 49 | + |
| 50 | +1. Select **+ New Step** This will open a window to Choose an action. |
| 51 | +1. Search for **Email**. Based on your email provider, find and select the matching connector. This tutorial uses **Office 365 Outlook**. The steps for other email providers are similar. |
| 52 | +1. Select the **Send an email (V2)** action. |
| 53 | + |
| 54 | +  |
| 55 | + |
| 56 | +1. Build your email template: |
| 57 | + - **To:** Enter the email address to receive the notification emails. For this tutorial, use an email account that you can access for testing. |
| 58 | + - **Subject** and **Body**: Write the text for your email. Select JSON properties from the selector tool to include dynamic content based on event data. You can retrieve the data of the event using `@{triggerBody()?['Data']}`. |
| 59 | + |
| 60 | + Your email template may look like this example. |
| 61 | + |
| 62 | +  |
| 63 | + |
| 64 | +8. Click **Save as**. |
| 65 | +9. Enter a **name** for new logic app and click **Create**. |
| 66 | + |
| 67 | +  |
| 68 | + |
| 69 | +## Test and verify |
| 70 | + |
| 71 | +1. Go to your key vault on the Azure portal and select **Events > Event Subscriptions**. Verify that a new subscription created |
| 72 | + |
| 73 | +  |
| 74 | + |
| 75 | +1. Go to your key vault, select **Secrets**, and select **+ Generate/Import**. Create a new secret for testing purposes name the key and keep the remaining parameters in their default settings. |
| 76 | + |
| 77 | +  |
| 78 | + |
| 79 | +1. On the **Create a secret** screen provide any name, any value, and select **Create**. |
| 80 | + |
| 81 | +When the secret is created, an email will be received at the configured addresses. |
| 82 | + |
| 83 | +## Next steps |
| 84 | + |
| 85 | +- Overview: [Monitoring Key Vault with Azure Event Grid (preview)](event-grid-overview.md) |
| 86 | +- How to: [Route key vault notifications to Azure Automation](event-grid-tutorial.md). |
| 87 | +- [Azure Event Grid event schema for Azure Key Vault (preview)](../event-grid/event-schema-key-vault.md) |
| 88 | +- Learn more about [Azure Event Grid](../event-grid/index.yml). |
| 89 | +- Learn more about the [Logic Apps feature of Azure App Service](../logic-apps/index.yml). |
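
Review bot: The intro at file line 17 promises an email "every time a secret is created", while the title at line 2 says "status of the secret changes" and the subscription set up at lines 29 and 46 is for `Microsoft.KeyVault.SecretNewVersionCreated` only; state once which event this tutorial covers and make the title, the intro and line 81 agree with it. The ordered list uses `1.` for its first eight steps and then switches to literal `8.` and `9.` at lines 64-65, which no longer matches the step count; use `1.` throughout. Line 58 tells the reader to drop `@{triggerBody()?['Data']}` into the email without saying which fields that payload carries; a sentence pointing to the event schema already linked at line 87 would let the reader decide what is appropriate to send to a mailbox. Smaller fixes: "When a a resource event occurs" (line 43), "Verify that a new subscription created" (line 71), "name the key" where a secret is being created (line 75), "create Logic App" (line 29), and the missing full stop at the end of line 23.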