Discover secrets from Azure Key Vault. Populates the secrets inventory with names, enabled state, and expiry-based rotation metadata. Secret values are never read.
Source connector — pulls identity and access data from Azure Key Vault into ComplianceScout where it is scored against your compliance frameworks and violation rules.
After a successful sync, the following data is available in your ComplianceScout dashboard for violation detection and reporting.
These fields are collected when you add the connector in the ComplianceScout dashboard. Secrets are encrypted at rest using AES-256-GCM and are never logged.
| Field | Type | Required | Notes |
|---|---|---|---|
| Vault URL | URL | Required | e.g. https://acme.vault.azure.net |
| Tenant ID | Text | Required | Azure AD tenant ID (GUID). |
| Client ID | Text | Required | Application (client) ID of the service principal. |
| Client secret | Secret | Required | Client secret of the service principal. The SP must have the Key Vault Secrets User role on the vault. |
Follow these steps to gather the credentials above and connect Azure Key Vault to ComplianceScout.
In the Azure Portal, go to Microsoft Entra ID → App registrations → New registration. Name it "ComplianceScout".
Go to Certificates & secrets → New client secret, set an expiry, and copy the value.
Copy the Application (client) ID and Directory (tenant) ID from the Overview page.
Navigate to your Key Vault → Access control (IAM) → Add role assignment. Assign the "Key Vault Secrets User" role to the app registration.
In ComplianceScout, go to Data & Secrets → Integrations → Add Connector → Azure Key Vault, enter the Vault URL and credentials, then click Test and Save.
Start a free trial — your tenant is provisioned instantly and you can wire up this integration from the connectors page.