diff --git a/.cruft.json b/.cruft.json
index e95c43b..470a688 100644
--- a/.cruft.json
+++ b/.cruft.json
@@ -1,6 +1,6 @@
 {
   "template": "https://github.com/Azure-Samples/Azure-Python-Standardization-Template-Generator",
-  "commit": "75d8c04bda1e75ae989198d933a785ca153bd891",
+  "commit": "984454a27bd81d8d26794bd3464e9b1b5714ff66",
   "checkout": null,
   "context": {
     "cookiecutter": {
diff --git a/infra/core/security/keyvault.bicep b/infra/core/security/keyvault.bicep
index 87c9e88..8b8ff75 100644
--- a/infra/core/security/keyvault.bicep
+++ b/infra/core/security/keyvault.bicep
@@ -1,6 +1,7 @@
 metadata description = 'Creates an Azure Key Vault.'
 param name string
 param location string = resourceGroup().location
+param logAnalyticsWorkspaceId string
 param tags object = {}
 
 param principalId string = ''
@@ -35,6 +36,20 @@ resource keyVault 'Microsoft.KeyVault/vaults@2022-07-01' = {
   }
 }
 
+resource logs 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = {
+  name: 'logs'
+  scope: keyVault
+  properties: {
+    workspaceId: logAnalyticsWorkspaceId
+    logs: [
+      {
+        category: 'AuditEvent'
+        enabled: true
+      }
+    ]
+  }
+}
+
 output endpoint string = keyVault.properties.vaultUri
 output id string = keyVault.id
 output name string = keyVault.name
diff --git a/infra/main.bicep b/infra/main.bicep
index 09e4d08..7e2d7bd 100644
--- a/infra/main.bicep
+++ b/infra/main.bicep
@@ -41,6 +41,7 @@ module keyVault './core/security/keyvault.bicep' = {
     location: location
     tags: tags
     principalId: principalId
+    logAnalyticsWorkspaceId: monitoring.outputs.logAnalyticsWorkspaceId
   }
 }