Create Pull Request
| Date | Scan | Status | Result |
|---|---|---|---|
| 2026-01-14 00:00 | #250 | in_progress |
Biased
|
| 2026-01-13 00:00 | #246 | completed |
Biased
|
| 2026-01-12 00:00 | #243 | cancelled |
Biased
|
| 2026-01-11 00:00 | #240 | completed |
Biased
|
| 2026-01-10 00:00 | #237 | completed |
Biased
|
| 2026-01-09 00:34 | #234 | completed |
Biased
|
| 2026-01-08 00:53 | #231 | completed |
Biased
|
| 2026-01-06 18:15 | #225 | cancelled |
Clean
|
| 2025-08-17 00:01 | #83 | cancelled |
Clean
|
| 2025-07-13 21:37 | #48 | completed |
Biased
|
| 2025-07-09 13:09 | #3 | cancelled |
Clean
|
| 2025-07-08 04:23 | #2 | cancelled |
Biased
|
# Create the new key vault
$newKeyVault = New-AzKeyVault `
-VaultName $VaultName `
-ResourceGroupName $resourceGroup `
-Location $region
$resourceId = $newKeyVault.ResourceId
# Convert the SendGrid API key into a SecureString
$Secret = ConvertTo-SecureString -String $SendGridAPIKey `
-AsPlainText -Force
Set-AzKeyVaultSecret -VaultName $VaultName `
-Name 'SendGridAPIKey' `
-SecretValue $Secret
# Grant Key Vault access to the Automation account's system-assigned managed identity.
$SA_PrincipalId = (Get-AzAutomationAccount `
-ResourceGroupName $resourceGroup `
-Name $automationAccount).Identity.PrincipalId
Set-AzKeyVaultAccessPolicy `
-VaultName $vaultName `
-ObjectId $SA_PrincipalId `
-PermissionsToSecrets Set, Get
# Grant Key Vault access to the user-assigned managed identity.
$UAMI = Get-AzUserAssignedIdentity `
-ResourceGroupName $resourceGroup `
-Name $userAssignedManagedIdentity
Set-AzKeyVaultAccessPolicy `
-VaultName $vaultName `
-ObjectId $UAMI.PrincipalId `
-PermissionsToSecrets Set, Get
New-AzRoleAssignment `
-ObjectId $SA_PrincipalId `
-ResourceGroupName $resourceGroup `
-RoleDefinitionName "Reader"
$VaultName = "<your KeyVault name>"
$resourceGroup = "<your ResourceGroup name>"
Remove-AzKeyVault -VaultName $VaultName -ResourceGroupName $resourceGroup
# Sign in to your Azure subscription
$sub = Get-AzSubscription -ErrorAction SilentlyContinue
if(-not($sub))
{
Connect-AzAccount
}
# If you have multiple subscriptions, set the one to use
# Select-AzSubscription -SubscriptionId <SUBSCRIPTIONID>
$resourceGroup = "<Resource group>"
$automationAccount = "<Automation account>"
$region = "<Region>"
$SendGridAPIKey = "<SendGrid API key>"
$VaultName = "<A universally unique vault name>"
$userAssignedManagedIdentity = "<User-assigned managed identity>"
New-AzRoleAssignment `
-ObjectId $UAMI.PrincipalId`
-ResourceGroupName $resourceGroup `
-RoleDefinitionName "Reader"
$UAMI.ClientId
Param(
[Parameter(Mandatory=$True)]
[String] $destEmailAddress,
[Parameter(Mandatory=$True)]
[String] $fromEmailAddress,
[Parameter(Mandatory=$True)]
[String] $subject,
[Parameter(Mandatory=$True)]
[String] $content,
[Parameter(Mandatory=$True)]
[String] $ResourceGroupName
)
# Ensures you do not inherit an AzContext in your runbook
Disable-AzContextAutosave -Scope Process
# Connect to Azure with system-assigned managed identity
$AzureContext = (Connect-AzAccount -Identity).context
# set and store context
$AzureContext = Set-AzContext -SubscriptionName $AzureContext.Subscription -DefaultProfile $AzureContext
$VaultName = "<Enter your vault name>"
$SENDGRID_API_KEY = Get-AzKeyVaultSecret `
-VaultName $VaultName `
-Name "SendGridAPIKey" `
-AsPlainText -DefaultProfile $AzureContext
$headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
$headers.Add("Authorization", "Bearer " + $SENDGRID_API_KEY)
$headers.Add("Content-Type", "application/json")
$body = @{
personalizations = @(
@{
to = @(
@{
email = $destEmailAddress
}
)
}
)
from = @{
email = $fromEmailAddress
}
subject = $subject
content = @(
@{
type = "text/plain"
value = $content
}
)
}
$bodyJson = $body | ConvertTo-Json -Depth 4
$response = Invoke-RestMethod -Uri https://api.sendgrid.com/v3/mail/send -Method Post -Headers $headers -Body $bodyJson