---
title: "Get Scan Keys report."
slug: "get-scan-keys-report-1"
updated: 2025-10-18T04:50:53Z
published: 2025-10-18T04:50:58Z
canonical: "support.fortanix.com/get-scan-keys-report-1"
---


# Get Scan Keys report.

GET /api/v1/discovery/scans/{id}/key_usage_report/azure

Get Scan Keys report.

Security: OAuth

OAuth 2.0 client credential flow, see [https://datatracker.ietf.org/doc/html/rfc6749#section-4.4](https://datatracker.ietf.org/doc/html/rfc6749#section-4.4).

Flow: Client Credentials

Token URL: https://api.armor.fortanix.com/api/v1/iam/session/oauth2/token

Path parameters

id string (uuid) Required

Query parameters

DiscoveryAzureKeyUsageParams object
filter string
limit integer
previous_id string
previous_sort_value string
sort_by string

Responses

2XX

Success result

Media type: application/json

object  items Array of object (DiscoveryAzureKeyUsageDetails)   object  keyobject  detailsOneOfobject$typestring    Valid values[
  "database"
]
OneOfobjectobject$db_variantstring    Valid values[
  "sql_single_server"
]
propertiesobject  deployment_namestring    
encryption_detailsobject  analysisobject  encrypted_with_expired_keyboolean   | null  
encrypted_with_exportable_keyboolean   | null  
encrypted_with_noncompliant_keyboolean    
encrypted_with_overly_permissive_management_keyboolean   | null  
encrypted_with_overly_permissive_usage_keyboolean   | null  
encrypted_with_quantum_vulnerable_keyboolean   | null  
encrypted_with_shared_keyboolean   | null  
key_availabilitystring    

This enum denotes key availability for all services in all cloud providers. Each variant corresponds to a different state of the key used to encrypt the service. If a service is not encrypted, the key will be marked as Unknown.

Valid values[
  "available",
  "soft_deleted",
  "purged",
  "cross_account",
  "unknown"
]

key_source

Specifier for optional CMK Keys.

OneOfobjectobject$typestring    Valid values[
  "deployment_level_customer_managed_key"
]
key_idstring    

objectobject$typestring    Valid values[
  "deployment_level_microsoft_managed_key"
]

objectobject$typestring    Valid values[
  "database_level_customer_managed_key"
]
key_idstring    

inner_databases_properties Array of object (DiscoveryAzureDatabaseProperties)   object  database_namestring    
is_tde_enabledboolean    

If true, encryption is in place with either a CMK (customer-managed key) or an MMK (Microsoft-managed key).

tierstring    

The service tiers for SQL Single Server.

Valid values[
  "server",
  "serverless"
]

objectobject$db_variantstring    Valid values[
  "sql_managed_instance"
]
propertiesobject  deployment_namestring    
encryption_detailsobject  analysisobject  encrypted_with_expired_keyboolean   | null  
encrypted_with_exportable_keyboolean   | null  
encrypted_with_noncompliant_keyboolean    
encrypted_with_overly_permissive_management_keyboolean   | null  
encrypted_with_overly_permissive_usage_keyboolean   | null  
encrypted_with_quantum_vulnerable_keyboolean   | null  
encrypted_with_shared_keyboolean   | null  
key_availabilitystring    

This enum denotes key availability for all services in all cloud providers. Each variant corresponds to a different state of the key used to encrypt the service. If a service is not encrypted, the key will be marked as Unknown.

Valid values[
  "available",
  "soft_deleted",
  "purged",
  "cross_account",
  "unknown"
]

key_source

Specifier for optional CMK Keys.

OneOfobjectobject$typestring    Valid values[
  "deployment_level_customer_managed_key"
]
key_idstring    

objectobject$typestring    Valid values[
  "deployment_level_microsoft_managed_key"
]

objectobject$typestring    Valid values[
  "database_level_customer_managed_key"
]
key_idstring    

inner_databases_properties Array of object (DiscoveryAzureDatabaseProperties)   object  database_namestring    
is_tde_enabledboolean    

If true, encryption is in place with either a CMK (customer-managed key) or an MMK (Microsoft-managed key).

objectobject$db_variantstring    Valid values[
  "sql_managed_instance_pool"
]
propertiesobject  deployment_namestring    
encryption_detailsobject  analysisobject  encrypted_with_expired_keyboolean   | null  
encrypted_with_exportable_keyboolean   | null  
encrypted_with_noncompliant_keyboolean    
encrypted_with_overly_permissive_management_keyboolean   | null  
encrypted_with_overly_permissive_usage_keyboolean   | null  
encrypted_with_quantum_vulnerable_keyboolean   | null  
encrypted_with_shared_keyboolean   | null  
key_availabilitystring    

This enum denotes key availability for all services in all cloud providers. Each variant corresponds to a different state of the key used to encrypt the service. If a service is not encrypted, the key will be marked as Unknown.

Valid values[
  "available",
  "soft_deleted",
  "purged",
  "cross_account",
  "unknown"
]

key_source

Specifier for optional CMK Keys.

OneOfobjectobject$typestring    Valid values[
  "deployment_level_customer_managed_key"
]
key_idstring    

objectobject$typestring    Valid values[
  "deployment_level_microsoft_managed_key"
]

objectobject$typestring    Valid values[
  "database_level_customer_managed_key"
]
key_idstring    

inner_databases_properties Array of object (DiscoveryAzureDatabaseProperties)   object  database_namestring    
is_tde_enabledboolean    

If true, encryption is in place with either a CMK (customer-managed key) or an MMK (Microsoft-managed key).

objectobject$db_variantstring    Valid values[
  "cosmos_db"
]
apistring    

The API a Cosmos database exposes to applications. Some possible values currently available in Azure are "Sql", "MongoDB", "Cassandra", ... This may be directly exposed in the frontend.

propertiesobject  deployment_namestring    
encryption_detailsobject  analysisobject  encrypted_with_expired_keyboolean   | null  
encrypted_with_exportable_keyboolean   | null  
encrypted_with_noncompliant_keyboolean    
encrypted_with_overly_permissive_management_keyboolean   | null  
encrypted_with_overly_permissive_usage_keyboolean   | null  
encrypted_with_quantum_vulnerable_keyboolean   | null  
encrypted_with_shared_keyboolean   | null  
key_availabilitystring    

This enum denotes key availability for all services in all cloud providers. Each variant corresponds to a different state of the key used to encrypt the service. If a service is not encrypted, the key will be marked as Unknown.

Valid values[
  "available",
  "soft_deleted",
  "purged",
  "cross_account",
  "unknown"
]

key_source

Specifier for optional CMK Keys.

OneOfobjectobject$typestring    Valid values[
  "deployment_level_customer_managed_key"
]
key_idstring    

objectobject$typestring    Valid values[
  "deployment_level_microsoft_managed_key"
]

objectobject$typestring    Valid values[
  "database_level_customer_managed_key"
]
key_idstring    

inner_databases_properties Array of object (DiscoveryAzureDatabaseProperties)   object  database_namestring    
is_tde_enabledboolean    

If true, encryption is in place with either a CMK (customer-managed key) or an MMK (Microsoft-managed key).

objectobject$typestring    Valid values[
  "kv_key_version"
]
analysisobject  crypto_policy_complianceobject  is_compliantboolean    

Indicates whether the key is compliant with the crypto policy.

violation_reasonstring   | null  

The violation reason if the key is non-compliant with the crypto policy, otherwise `None`.

is_sharedboolean    

Defaults to `false`. Will be `true` only if underlying key is used to encrypt multiple services.

overly_permissive_key_violationsobject  management_violations Array of object (DiscoveryAzureKvKeyPolicyInfo)   object  principal_idstring    
role_assignment_idstring    
role_definition_idstring    

usage_violations Array of object (DiscoveryAzureKvKeyPolicyInfo)   object  principal_idstring    
role_assignment_idstring    
role_definition_idstring    

usage_detailsobject  encryptobject  service_countinteger    

usages Array of string (DiscoveryKeyUsage)  | null  string    Valid values[
  "encrypt",
  "unused"
]

is_current_versionboolean    

True if this is the latest key version, False otherwise.

is_key_managedboolean    

True if the key version's lifetime is managed by key vault, False otherwise.

key_attributesobject  activation_datestring    

The timestamp when the key will be activated. None, if the activation date is not set for the key.

Pattern: `^\d{4}\d{2}\d{2}T\d{2}\d{2}\d{2}Z$` Example: `20170509T070912Z`
created_atstring    

The timestamp of creation of the key.

Pattern: `^\d{4}\d{2}\d{2}T\d{2}\d{2}\d{2}Z$` Example: `20170509T070912Z`
expiry_datestring    

The timestamp when the key will expire. None, if the expiry date is not scheduled for the key.

Pattern: `^\d{4}\d{2}\d{2}T\d{2}\d{2}\d{2}Z$` Example: `20170509T070912Z`
is_enabledboolean    

Represents true if the key is enabled, false otherwise.

is_exportableboolean    

Represents true if the key is exportable, false otherwise.

key_availabilityOneOfobjectobject$typestring    Valid values[
  "available"
]

objectobject$typestring    Valid values[
  "soft_deleted"
]
deleted_on string    Pattern: `^\d{4}\d{2}\d{2}T\d{2}\d{2}\d{2}Z$` Example: `20170509T070912Z`
scheduled_purge_on string    Pattern: `^\d{4}\d{2}\d{2}T\d{2}\d{2}\d{2}Z$` Example: `20170509T070912Z`

recoverable_daysinteger    

Soft Delete data retention days. Value should be >=7 and <=90 when soft delete is enabled, otherwise 0.

Minimum: 0, Maximum: 4294967295
recovery_levelstring    Valid values[
  "customized_recoverable",
  "customized_recoverable_and_protected_subscription",
  "customized_recoverable_and_purgeable",
  "purgeable",
  "recoverable",
  "recoverable_and_protected_subscription",
  "recoverable_and_purgeable",
  "unknown"
]
updated_atstring    

The timestamp when the key was last updated. By default, it will always have the key creation timestamp as the last updated time.

Pattern: `^\d{4}\d{2}\d{2}T\d{2}\d{2}\d{2}Z$` Example: `20170509T070912Z`

key_namestring    

The name associated with the key version.

key_ops Array of string (DiscoveryAzureKvKeyOperation)   

Allowed key operations on the key version.

string    Valid values[
  "encrypt",
  "decrypt",
  "sign",
  "verify",
  "wrap_key",
  "unwrap_key",
  "import"
]
key_rotation_datestring    

Returns the date when the key will be rotated. None, when the auto key rotation is not enabled for the key.

Pattern: `^\d{4}\d{2}\d{2}T\d{2}\d{2}\d{2}Z$` Example: `20170509T070912Z`
key_sourcestring    Valid values[
  "kv",
  "fortanix",
  "other"
]
key_typestring    Valid values[
  "rsa2048",
  "rsa3072",
  "rsa4096",
  "rsa_hsm2048",
  "rsa_hsm3072",
  "rsa_hsm4096",
  "ecc_nist_p256",
  "ecc_nist_p384",
  "ecc_nist_p521",
  "ecc_secg_p256k1",
  "ecc_nist_hsm_p256",
  "ecc_nist_hsm_p384",
  "ecc_nist_hsm_p521",
  "ecc_secg_hsm_p256k1",
  "oct",
  "oct_hsm",
  "unknown"
]
key_vault_access_tierstring    Valid values[
  "standard",
  "premium"
]
key_vault_namestring    

Represents the Azure Key Vault Name.

key_vault_uristring    

Represents the Azure key vault URI.

key_versionstring    

The key version of the scanned key.

source_scan_inventory_objectobject  idstring  (uuid)    
scan_idstring  (uuid)    

tagsobject  

The tags associated with the key version.

property*string    additionalProperties

objectobject$typestring    Valid values[
  "storage_account"
]
analysisobject  encrypted_with_expired_keyboolean   | null  
encrypted_with_exportable_keyboolean   | null  
encrypted_with_noncompliant_keyboolean    
encrypted_with_overly_permissive_management_keyboolean   | null  
encrypted_with_overly_permissive_usage_keyboolean   | null  
encrypted_with_quantum_vulnerable_keyboolean   | null  
encrypted_with_shared_keyboolean   | null  
key_availabilitystring    

This enum denotes key availability for all services in all cloud providers. Each variant corresponds to a different state of the key used to encrypt the service. If a service is not encrypted, the key will be marked as Unknown.

Valid values[
  "available",
  "soft_deleted",
  "purged",
  "cross_account",
  "unknown"
]

blob_anonymous_access_enabledboolean    
encryption_settingsobject  key_source

The encryption key source (provider).

OneOfobjectobject$typestring    Valid values[
  "key_vault"
]
key_idstring    

objectobject$typestring    Valid values[
  "storage"
]

kindstring    Valid values[
  "blob_storage",
  "block_blob_storage",
  "file_storage",
  "storage",
  "storage_v2",
  "unknown"
]
namestring    

objectobject$typestring    Valid values[
  "container_group"
]
analysisobject  encrypted_with_expired_keyboolean   | null  
encrypted_with_exportable_keyboolean   | null  
encrypted_with_noncompliant_keyboolean    
encrypted_with_overly_permissive_management_keyboolean    
encrypted_with_overly_permissive_usage_keyboolean    
encrypted_with_quantum_vulnerable_keyboolean   | null  
encrypted_with_shared_keyboolean    
key_availabilitystring    

This enum denotes key availability for all services in all cloud providers. Each variant corresponds to a different state of the key used to encrypt the service. If a service is not encrypted, the key will be marked as Unknown.

Valid values[
  "available",
  "soft_deleted",
  "purged",
  "cross_account",
  "unknown"
]

encryption_sourceOneOfobjectobject$typestring    Valid values[
  "microsoft_managed_key"
]

objectobject$typestring    Valid values[
  "customer_managed_key"
]
key_idstring    

namestring    

objectobject$typestring    Valid values[
  "managed_disk"
]
analysisobject  encrypted_with_expired_keyboolean   | null  
encrypted_with_exportable_keyboolean   | null  
encrypted_with_noncompliant_keyboolean    
encrypted_with_overly_permissive_management_keyboolean   | null  
encrypted_with_overly_permissive_usage_keyboolean   | null  
encrypted_with_quantum_vulnerable_keyboolean   | null  
encrypted_with_shared_keyboolean   | null  
key_availabilitystring    

This enum denotes key availability for all services in all cloud providers. Each variant corresponds to a different state of the key used to encrypt the service. If a service is not encrypted, the key will be marked as Unknown.

Valid values[
  "available",
  "soft_deleted",
  "purged",
  "cross_account",
  "unknown"
]

disk_size_gbinteger  (int32)    
disk_statestring    

Used to represent the state of [AzureManagedDisk]. For reference: [Documentation](https://learn.microsoft.com/en-us/rest/api/compute/disks/list-by-resource-group?view=rest-compute-2024-03-01&tabs=HTTP#diskstate)

Valid values[
  "active_sas",
  "active_sas_frozen",
  "active_upload",
  "attached",
  "frozen",
  "ready_to_upload",
  "reserved",
  "unattached",
  "other"
]
disk_typestring    

Used to represent the SKU of [AzureManagedDisk]. For reference: [Documentation](https://learn.microsoft.com/en-us/rest/api/compute/disks/list-by-resource-group?view=rest-compute-2024-03-01&tabs=HTTP#diskstate)

Valid values[
  "premium_v2_lrs",
  "premium_lrs",
  "premium_zrs",
  "standard_ssd_lrs",
  "standard_ssd_zrs",
  "standard_lrs",
  "ultra_ssd_lrs"
]
encryption_settings

Used to describe the [Server-side encryption](https://learn.microsoft.com/en-us/azure/virtual-machines/disk-encryption) configuration of [AzureManagedDisks].

- This does not cover [Azure Disk Encryption](https://learn.microsoft.com/en-us/azure/virtual-machines/linux/disk-encryption-overview), which is handled at the volume level on the VM.

OneOfobjectobject$typestring    Valid values[
  "encryption_at_rest_with_azure_managed_key"
]

objectobject$typestring    Valid values[
  "confidential_vm_encrypted_with_azure_managed_key"
]

objectobject$typestring    Valid values[
  "confidential_vm_encrypted_with_customer_key"
]
key_idstring    
key_rotation_enabledboolean    

objectobject$typestring    Valid values[
  "encryption_at_rest_with_customer_key"
]
key_idstring    
key_rotation_enabledboolean    

objectobject$typestring    Valid values[
  "encryption_at_rest_with_azure_and_customer_keys"
]
key_idstring    
key_rotation_enabledboolean    

namestring    

objectobject$typestring    Valid values[
  "managed_cluster"
]
analysisobject  encrypted_with_expired_keyboolean   | null  
encrypted_with_exportable_keyboolean   | null  
encrypted_with_noncompliant_keyboolean    
encrypted_with_overly_permissive_management_keyboolean    
encrypted_with_overly_permissive_usage_keyboolean    
encrypted_with_quantum_vulnerable_keyboolean   | null  
encrypted_with_shared_keyboolean    
key_availabilitystring    

This enum denotes key availability for all services in all cloud providers. Each variant corresponds to a different state of the key used to encrypt the service. If a service is not encrypted, the key will be marked as Unknown.

Valid values[
  "available",
  "soft_deleted",
  "purged",
  "cross_account",
  "unknown"
]

disk_encryption_detailsOneOfobjectobject$typestring    Valid values[
  "encryption_at_rest_with_customer_key"
]
key_idstring    
key_rotation_enabledboolean    

objectobject$typestring    Valid values[
  "encryption_at_rest_with_platform_key"
]

namestring    

objectobject$typestring    Valid values[
  "storage_account_blob"
]
analysisobject  encrypted_with_expired_keyboolean    
encrypted_with_exportable_keyboolean    
encrypted_with_noncompliant_keyboolean    
encrypted_with_overly_permissive_management_keyboolean    
encrypted_with_overly_permissive_usage_keyboolean    
encrypted_with_quantum_vulnerable_keyboolean    
encrypted_with_shared_keyboolean    
key_availabilitystring    

This enum denotes key availability for all services in all cloud providers. Each variant corresponds to a different state of the key used to encrypt the service. If a service is not encrypted, the key will be marked as Unknown.

Valid values[
  "available",
  "soft_deleted",
  "purged",
  "cross_account",
  "unknown"
]

container_namestring    
encryption_settingsobject  key_source

The encryption key source (provider).

OneOfobjectobject$typestring    Valid values[
  "key_vault"
]
key_idstring    

objectobject$typestring    Valid values[
  "storage"
]

namestring    
storage_account_namestring    

regionstring    Valid values[
  "asia",
  "asia_pacific",
  "australia",
  "australia_central",
  "australia_central2",
  "australia_east",
  "australia_south_east",
  "brazil",
  "brazil_south",
  "brazil_south_east",
  "brazil_us",
  "canada",
  "canada_central",
  "canada_east",
  "central_india",
  "central_us",
  "central_us_euap",
  "central_us_stage",
  "east_asia",
  "east_asia_stage",
  "east_us",
  "east_us_stage",
  "east_us_stg",
  "east_us2",
  "east_us2_stage",
  "east_us2_euap",
  "europe",
  "france",
  "france_central",
  "france_south",
  "germany",
  "germany_north",
  "germany_west_central",
  "global",
  "india",
  "israel",
  "israel_central",
  "italy",
  "italy_north",
  "japan",
  "japan_east",
  "japan_west",
  "jio_india_central",
  "jio_india_west",
  "korea",
  "korea_central",
  "korea_south",
  "new_zealand",
  "north_central_us",
  "north_central_us_stage",
  "north_europe",
  "norway",
  "norway_east",
  "norway_west",
  "poland",
  "poland_central",
  "qatar",
  "qatar_central",
  "singapore",
  "south_africa",
  "south_africa_north",
  "south_africa_west",
  "south_central_us",
  "south_central_us_stage",
  "south_east_asia",
  "south_east_asia_stage",
  "south_india",
  "sweden",
  "sweden_central",
  "switzerland",
  "switzerland_north",
  "switzerland_west",
  "uae",
  "uae_central",
  "uae_north",
  "uk",
  "uk_south",
  "uk_west",
  "united_states",
  "united_states_euap",
  "west_central_us",
  "west_europe",
  "west_india",
  "west_us",
  "west_us_stage",
  "west_us2",
  "west_us2_stage",
  "west_us3",
  "other"
]
resource_groupobject  namestring    

resource_idstring    
subscriptionobject  idstring  (uuid)    
namestring    
tenant_idstring  (uuid)    

key_idstring    
protected_services Array of object (DiscoveryAzureObject)   object  detailsOneOfobject$typestring    Valid values[
  "database"
]
OneOfobjectobject$db_variantstring    Valid values[
  "sql_single_server"
]
propertiesobject  deployment_namestring    
encryption_detailsobject  analysisobject  encrypted_with_expired_keyboolean   | null  
encrypted_with_exportable_keyboolean   | null  
encrypted_with_noncompliant_keyboolean    
encrypted_with_overly_permissive_management_keyboolean   | null  
encrypted_with_overly_permissive_usage_keyboolean   | null  
encrypted_with_quantum_vulnerable_keyboolean   | null  
encrypted_with_shared_keyboolean   | null  
key_availabilitystring    

This enum denotes key availability for all services in all cloud providers. Each variant corresponds to a different state of the key used to encrypt the service. If a service is not encrypted, the key will be marked as Unknown.

Valid values[
  "available",
  "soft_deleted",
  "purged",
  "cross_account",
  "unknown"
]

key_source

Specifier for optional CMK Keys.

OneOfobjectobject$typestring    Valid values[
  "deployment_level_customer_managed_key"
]
key_idstring    

objectobject$typestring    Valid values[
  "deployment_level_microsoft_managed_key"
]

objectobject$typestring    Valid values[
  "database_level_customer_managed_key"
]
key_idstring    

inner_databases_properties Array of object (DiscoveryAzureDatabaseProperties)   object  database_namestring    
is_tde_enabledboolean    

If true, encryption is in place with either a CMK (customer-managed key) or an MMK (Microsoft-managed key).

tierstring    

The service tiers for SQL Single Server.

Valid values[
  "server",
  "serverless"
]

objectobject$db_variantstring    Valid values[
  "sql_managed_instance"
]
propertiesobject  deployment_namestring    
encryption_detailsobject  analysisobject  encrypted_with_expired_keyboolean   | null  
encrypted_with_exportable_keyboolean   | null  
encrypted_with_noncompliant_keyboolean    
encrypted_with_overly_permissive_management_keyboolean   | null  
encrypted_with_overly_permissive_usage_keyboolean   | null  
encrypted_with_quantum_vulnerable_keyboolean   | null  
encrypted_with_shared_keyboolean   | null  
key_availabilitystring    

This enum denotes key availability for all services in all cloud providers. Each variant corresponds to a different state of the key used to encrypt the service. If a service is not encrypted, the key will be marked as Unknown.

Valid values[
  "available",
  "soft_deleted",
  "purged",
  "cross_account",
  "unknown"
]

key_source

Specifier for optional CMK Keys.

OneOfobjectobject$typestring    Valid values[
  "deployment_level_customer_managed_key"
]
key_idstring    

objectobject$typestring    Valid values[
  "deployment_level_microsoft_managed_key"
]

objectobject$typestring    Valid values[
  "database_level_customer_managed_key"
]
key_idstring    

inner_databases_properties Array of object (DiscoveryAzureDatabaseProperties)   object  database_namestring    
is_tde_enabledboolean    

If true, encryption is in place with either a CMK (customer-managed key) or an MMK (Microsoft-managed key).

objectobject$db_variantstring    Valid values[
  "sql_managed_instance_pool"
]
propertiesobject  deployment_namestring    
encryption_detailsobject  analysisobject  encrypted_with_expired_keyboolean   | null  
encrypted_with_exportable_keyboolean   | null  
encrypted_with_noncompliant_keyboolean    
encrypted_with_overly_permissive_management_keyboolean   | null  
encrypted_with_overly_permissive_usage_keyboolean   | null  
encrypted_with_quantum_vulnerable_keyboolean   | null  
encrypted_with_shared_keyboolean   | null  
key_availabilitystring    

This enum denotes key availability for all services in all cloud providers. Each variant corresponds to a different state of the key used to encrypt the service. If a service is not encrypted, the key will be marked as Unknown.

Valid values[
  "available",
  "soft_deleted",
  "purged",
  "cross_account",
  "unknown"
]

key_source

Specifier for optional CMK Keys.

OneOfobjectobject$typestring    Valid values[
  "deployment_level_customer_managed_key"
]
key_idstring    

objectobject$typestring    Valid values[
  "deployment_level_microsoft_managed_key"
]

objectobject$typestring    Valid values[
  "database_level_customer_managed_key"
]
key_idstring    

inner_databases_properties Array of object (DiscoveryAzureDatabaseProperties)   object  database_namestring    
is_tde_enabledboolean    

If true, encryption is in place with either a CMK (customer-managed key) or an MMK (Microsoft-managed key).

objectobject$db_variantstring    Valid values[
  "cosmos_db"
]
apistring    

The API a Cosmos database exposes to applications. Some possible values currently available in Azure are "Sql", "MongoDB", "Cassandra", ... This may be directly exposed in the frontend.

propertiesobject  deployment_namestring    
encryption_detailsobject  analysisobject  encrypted_with_expired_keyboolean   | null  
encrypted_with_exportable_keyboolean   | null  
encrypted_with_noncompliant_keyboolean    
encrypted_with_overly_permissive_management_keyboolean   | null  
encrypted_with_overly_permissive_usage_keyboolean   | null  
encrypted_with_quantum_vulnerable_keyboolean   | null  
encrypted_with_shared_keyboolean   | null  
key_availabilitystring    

This enum denotes key availability for all services in all cloud providers. Each variant corresponds to a different state of the key used to encrypt the service. If a service is not encrypted, the key will be marked as Unknown.

Valid values[
  "available",
  "soft_deleted",
  "purged",
  "cross_account",
  "unknown"
]

key_source

Specifier for optional CMK Keys.

OneOfobjectobject$typestring    Valid values[
  "deployment_level_customer_managed_key"
]
key_idstring    

objectobject$typestring    Valid values[
  "deployment_level_microsoft_managed_key"
]

objectobject$typestring    Valid values[
  "database_level_customer_managed_key"
]
key_idstring    

inner_databases_properties Array of object (DiscoveryAzureDatabaseProperties)   object  database_namestring    
is_tde_enabledboolean    

If true, encryption is in place with either a CMK (customer-managed key) or an MMK (Microsoft-managed key).

objectobject$typestring    Valid values[
  "kv_key_version"
]
analysisobject  crypto_policy_complianceobject  is_compliantboolean    

Indicates whether the key is compliant with the crypto policy.

violation_reasonstring   | null  

The violation reason if the key is non-compliant with the crypto policy, otherwise `None`.

is_sharedboolean    

Defaults to `false`. Will be `true` only if underlying key is used to encrypt multiple services.

overly_permissive_key_violationsobject  management_violations Array of object (DiscoveryAzureKvKeyPolicyInfo)   object  principal_idstring    
role_assignment_idstring    
role_definition_idstring    

usage_violations Array of object (DiscoveryAzureKvKeyPolicyInfo)   object  principal_idstring    
role_assignment_idstring    
role_definition_idstring    

usage_detailsobject  encryptobject  service_countinteger    

usages Array of string (DiscoveryKeyUsage)  | null  string    Valid values[
  "encrypt",
  "unused"
]

is_current_versionboolean    

True if this is the latest key version, False otherwise.

is_key_managedboolean    

True if the key version's lifetime is managed by key vault, False otherwise.

key_attributesobject  activation_datestring    

The timestamp when the key will be activated. None, if the activation date is not set for the key.

Pattern: `^\d{4}\d{2}\d{2}T\d{2}\d{2}\d{2}Z$` Example: `20170509T070912Z`
created_atstring    

The timestamp of creation of the key.

Pattern: `^\d{4}\d{2}\d{2}T\d{2}\d{2}\d{2}Z$` Example: `20170509T070912Z`
expiry_datestring    

The timestamp when the key will expire. None, if the expiry date is not scheduled for the key.

Pattern: `^\d{4}\d{2}\d{2}T\d{2}\d{2}\d{2}Z$` Example: `20170509T070912Z`
is_enabledboolean    

Represents true if the key is enabled, false otherwise.

is_exportableboolean    

Represents true if the key is exportable, false otherwise.

key_availabilityOneOfobjectobject$typestring    Valid values[
  "available"
]

objectobject$typestring    Valid values[
  "soft_deleted"
]
deleted_on string    Pattern: `^\d{4}\d{2}\d{2}T\d{2}\d{2}\d{2}Z$` Example: `20170509T070912Z`
scheduled_purge_on string    Pattern: `^\d{4}\d{2}\d{2}T\d{2}\d{2}\d{2}Z$` Example: `20170509T070912Z`

recoverable_daysinteger    

Soft Delete data retention days. Value should be >=7 and <=90 when soft delete is enabled, otherwise 0.

Minimum: 0, Maximum: 4294967295
recovery_levelstring    Valid values[
  "customized_recoverable",
  "customized_recoverable_and_protected_subscription",
  "customized_recoverable_and_purgeable",
  "purgeable",
  "recoverable",
  "recoverable_and_protected_subscription",
  "recoverable_and_purgeable",
  "unknown"
]
updated_atstring    

The timestamp when the key was last updated. By default, it will always have the key creation timestamp as the last updated time.

Pattern: `^\d{4}\d{2}\d{2}T\d{2}\d{2}\d{2}Z$` Example: `20170509T070912Z`

key_namestring    

The name associated with the key version.

key_ops Array of string (DiscoveryAzureKvKeyOperation)   

Allowed key operations on the key version.

string    Valid values[
  "encrypt",
  "decrypt",
  "sign",
  "verify",
  "wrap_key",
  "unwrap_key",
  "import"
]
key_rotation_datestring    

Returns the date when the key will be rotated. None, when the auto key rotation is not enabled for the key.

Pattern: `^\d{4}\d{2}\d{2}T\d{2}\d{2}\d{2}Z$` Example: `20170509T070912Z`
key_sourcestring    Valid values[
  "kv",
  "fortanix",
  "other"
]
key_typestring    Valid values[
  "rsa2048",
  "rsa3072",
  "rsa4096",
  "rsa_hsm2048",
  "rsa_hsm3072",
  "rsa_hsm4096",
  "ecc_nist_p256",
  "ecc_nist_p384",
  "ecc_nist_p521",
  "ecc_secg_p256k1",
  "ecc_nist_hsm_p256",
  "ecc_nist_hsm_p384",
  "ecc_nist_hsm_p521",
  "ecc_secg_hsm_p256k1",
  "oct",
  "oct_hsm",
  "unknown"
]
key_vault_access_tierstring    Valid values[
  "standard",
  "premium"
]
key_vault_namestring    

Represents the Azure Key Vault Name.

key_vault_uristring    

Represents the Azure key vault URI.

key_versionstring    

The key version of the scanned key.

source_scan_inventory_objectobject  idstring  (uuid)    
scan_idstring  (uuid)    

tagsobject  

The tags associated with the key version.

property*string    additionalProperties

objectobject$typestring    Valid values[
  "storage_account"
]
analysisobject  encrypted_with_expired_keyboolean   | null  
encrypted_with_exportable_keyboolean   | null  
encrypted_with_noncompliant_keyboolean    
encrypted_with_overly_permissive_management_keyboolean   | null  
encrypted_with_overly_permissive_usage_keyboolean   | null  
encrypted_with_quantum_vulnerable_keyboolean   | null  
encrypted_with_shared_keyboolean   | null  
key_availabilitystring    

This enum denotes key availability for all services in all cloud providers. Each variant corresponds to a different state of the key used to encrypt the service. If a service is not encrypted, the key will be marked as Unknown.

Valid values[
  "available",
  "soft_deleted",
  "purged",
  "cross_account",
  "unknown"
]

blob_anonymous_access_enabledboolean    
encryption_settingsobject  key_source

The encryption key source (provider).

OneOfobjectobject$typestring    Valid values[
  "key_vault"
]
key_idstring    

objectobject$typestring    Valid values[
  "storage"
]

kindstring    Valid values[
  "blob_storage",
  "block_blob_storage",
  "file_storage",
  "storage",
  "storage_v2",
  "unknown"
]
name string

object object  $type string    Valid values[
  "container_group"
]
analysis object  encrypted_with_expired_key boolean | null
encrypted_with_exportable_key boolean | null
encrypted_with_noncompliant_key boolean
encrypted_with_overly_permissive_management_key boolean
encrypted_with_overly_permissive_usage_key boolean
encrypted_with_quantum_vulnerable_key boolean | null
encrypted_with_shared_key boolean
key_availability string

This enum denotes key availability for all services in all cloud providers. Each variant corresponds to a different state of the key used to encrypt the service. If a service is not encrypted, the key will be marked as Unknown.

Valid values[
  "available",
  "soft_deleted",
  "purged",
  "cross_account",
  "unknown"
]

encryption_source OneOf object object  $type string    Valid values[
  "microsoft_managed_key"
]

object object  $type string    Valid values[
  "customer_managed_key"
]
key_id string

name string

object object  $type string    Valid values[
  "managed_disk"
]
analysis object  encrypted_with_expired_key boolean | null
encrypted_with_exportable_key boolean | null
encrypted_with_noncompliant_key boolean
encrypted_with_overly_permissive_management_key boolean | null
encrypted_with_overly_permissive_usage_key boolean | null
encrypted_with_quantum_vulnerable_key boolean | null
encrypted_with_shared_key boolean | null
key_availability string

This enum denotes key availability for all services in all cloud providers. Each variant corresponds to a different state of the key used to encrypt the service. If a service is not encrypted, the key will be marked as Unknown.

Valid values[
  "available",
  "soft_deleted",
  "purged",
  "cross_account",
  "unknown"
]

disk_size_gb integer (int32)
disk_state string

Used to represent the state of [AzureManagedDisk]. For reference: [Documentation](https://learn.microsoft.com/en-us/rest/api/compute/disks/list-by-resource-group?view=rest-compute-2024-03-01&tabs=HTTP#diskstate)

Valid values[
  "active_sas",
  "active_sas_frozen",
  "active_upload",
  "attached",
  "frozen",
  "ready_to_upload",
  "reserved",
  "unattached",
  "other"
]
disk_type string

Used to represent the SKU of [AzureManagedDisk]. For reference: [Documentation](https://learn.microsoft.com/en-us/rest/api/compute/disks/list-by-resource-group?view=rest-compute-2024-03-01&tabs=HTTP#diskstate)

Valid values[
  "premium_v2_lrs",
  "premium_lrs",
  "premium_zrs",
  "standard_ssd_lrs",
  "standard_ssd_zrs",
  "standard_lrs",
  "ultra_ssd_lrs"
]
encryption_settings

Used to describe the [Server-side encryption](https://learn.microsoft.com/en-us/azure/virtual-machines/disk-encryption) configuration of [AzureManagedDisks].

- This does not cover [Azure Disk Encryption](https://learn.microsoft.com/en-us/azure/virtual-machines/linux/disk-encryption-overview), which is handled at the volume level on the VM.

OneOf object object  $type string    Valid values[
  "encryption_at_rest_with_azure_managed_key"
]

object object  $type string    Valid values[
  "confidential_vm_encrypted_with_azure_managed_key"
]

object object  $type string    Valid values[
  "confidential_vm_encrypted_with_customer_key"
]
key_id string
key_rotation_enabled boolean

object object  $type string    Valid values[
  "encryption_at_rest_with_customer_key"
]
key_id string
key_rotation_enabled boolean

object object  $type string    Valid values[
  "encryption_at_rest_with_azure_and_customer_keys"
]
key_id string
key_rotation_enabled boolean

name string

object object  $type string    Valid values[
  "managed_cluster"
]
analysis object  encrypted_with_expired_key boolean | null
encrypted_with_exportable_key boolean | null
encrypted_with_noncompliant_key boolean
encrypted_with_overly_permissive_management_key boolean
encrypted_with_overly_permissive_usage_key boolean
encrypted_with_quantum_vulnerable_key boolean | null
encrypted_with_shared_key boolean
key_availability string

This enum denotes key availability for all services in all cloud providers. Each variant corresponds to a different state of the key used to encrypt the service. If a service is not encrypted, the key will be marked as Unknown.

Valid values[
  "available",
  "soft_deleted",
  "purged",
  "cross_account",
  "unknown"
]

disk_encryption_details OneOf object object  $type string    Valid values[
  "encryption_at_rest_with_customer_key"
]
key_id string
key_rotation_enabled boolean

object object  $type string    Valid values[
  "encryption_at_rest_with_platform_key"
]

name string

object object  $type string    Valid values[
  "storage_account_blob"
]
analysis object  encrypted_with_expired_key boolean
encrypted_with_exportable_key boolean
encrypted_with_noncompliant_key boolean
encrypted_with_overly_permissive_management_key boolean
encrypted_with_overly_permissive_usage_key boolean
encrypted_with_quantum_vulnerable_key boolean
encrypted_with_shared_key boolean
key_availability string

This enum denotes key availability for all services in all cloud providers. Each variant corresponds to a different state of the key used to encrypt the service. If a service is not encrypted, the key will be marked as Unknown.

Valid values[
  "available",
  "soft_deleted",
  "purged",
  "cross_account",
  "unknown"
]

container_name string
encryption_settings object  key_source

The encryption key source (provider).

OneOf object object  $type string    Valid values[
  "key_vault"
]
key_id string

object object  $type string    Valid values[
  "storage"
]

name string
storage_account_name string

region string    Valid values[
  "asia",
  "asia_pacific",
  "australia",
  "australia_central",
  "australia_central2",
  "australia_east",
  "australia_south_east",
  "brazil",
  "brazil_south",
  "brazil_south_east",
  "brazil_us",
  "canada",
  "canada_central",
  "canada_east",
  "central_india",
  "central_us",
  "central_us_euap",
  "central_us_stage",
  "east_asia",
  "east_asia_stage",
  "east_us",
  "east_us_stage",
  "east_us_stg",
  "east_us2",
  "east_us2_stage",
  "east_us2_euap",
  "europe",
  "france",
  "france_central",
  "france_south",
  "germany",
  "germany_north",
  "germany_west_central",
  "global",
  "india",
  "israel",
  "israel_central",
  "italy",
  "italy_north",
  "japan",
  "japan_east",
  "japan_west",
  "jio_india_central",
  "jio_india_west",
  "korea",
  "korea_central",
  "korea_south",
  "new_zealand",
  "north_central_us",
  "north_central_us_stage",
  "north_europe",
  "norway",
  "norway_east",
  "norway_west",
  "poland",
  "poland_central",
  "qatar",
  "qatar_central",
  "singapore",
  "south_africa",
  "south_africa_north",
  "south_africa_west",
  "south_central_us",
  "south_central_us_stage",
  "south_east_asia",
  "south_east_asia_stage",
  "south_india",
  "sweden",
  "sweden_central",
  "switzerland",
  "switzerland_north",
  "switzerland_west",
  "uae",
  "uae_central",
  "uae_north",
  "uk",
  "uk_south",
  "uk_west",
  "united_states",
  "united_states_euap",
  "west_central_us",
  "west_europe",
  "west_india",
  "west_us",
  "west_us_stage",
  "west_us2",
  "west_us2_stage",
  "west_us3",
  "other"
]
resource_group object  name string

resource_id string
subscription object  id string (uuid)
name string
tenant_id string (uuid)
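
The `analysis` flags and `key_availability` values in this schema lend themselves to automated triage. The Python below is an added example, not Fortanix code: the sample JSON is constructed, the exact nesting of a real response is an assumption (so the walker searches every level), and treating `null` as "not evaluated" and any availability other than `available` as needing review is this example's own policy.

```python
import json

# Boolean verdicts from the `analysis` object in the schema.
# A null value is treated here as "not evaluated" (assumption of this example).
FLAGS = (
    "encrypted_with_expired_key", "encrypted_with_exportable_key",
    "encrypted_with_noncompliant_key",
    "encrypted_with_overly_permissive_management_key",
    "encrypted_with_overly_permissive_usage_key",
    "encrypted_with_quantum_vulnerable_key", "encrypted_with_shared_key",
)

def triage(node, rtype=None, name=None, out=None):
    """Collect every object with an `analysis` block that needs review."""
    out = [] if out is None else out
    if isinstance(node, dict):
        # Remember the nearest enclosing $type and name for reporting.
        rtype, name = node.get("$type", rtype), node.get("name", name)
        analysis = node.get("analysis")
        if isinstance(analysis, dict):
            raised = [f for f in FLAGS if analysis.get(f) is True]
            unevaluated = [f for f in FLAGS if f in analysis and analysis[f] is None]
            avail = analysis.get("key_availability")
            # Example policy (assumption): anything but "available" is reviewed.
            if raised or unevaluated or avail != "available":
                out.append({"type": rtype, "name": name, "raised": raised,
                            "unevaluated": unevaluated, "key_availability": avail})
        for child in node.values():
            triage(child, rtype, name, out)
    elif isinstance(node, list):
        for child in node:
            triage(child, rtype, name, out)
    return out

# Constructed sample; names and nesting are illustrative, not real scan output.
SAMPLE = json.loads("""
{"items": [
  {"$type": "managed_disk", "name": "disk-a", "analysis": {
     "encrypted_with_expired_key": true, "encrypted_with_exportable_key": null,
     "encrypted_with_noncompliant_key": false, "key_availability": "available"}},
  {"$type": "storage_account", "name": "stor-b", "analysis": {
     "encrypted_with_noncompliant_key": false, "key_availability": "soft_deleted"}},
  {"$type": "container_group", "name": "cg-c", "analysis": {
     "encrypted_with_noncompliant_key": false, "key_availability": "available"}}
]}
""")

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```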
