MarileeTurscak asked ·

What are Azure Key Vault's soft-delete and purge protection features?

Please explain how Azure Key Vault's soft-delete and purge protection features work. How can I recover vaults that have been soft-deleted? Why do I need to enable soft-delete in order to use purge protection?

[Note: As we migrate from MSDN, this question has been posted by an Azure Cloud Engineer as a frequently asked question]

Source:
How to use Key Vault soft-delete with PowerShell
How to use Key Vault soft-delete with CLI


azure-key-vault

1 Answer

SaurabhSharma-msft answered ·

Azure Key Vault’s soft-delete feature allows the recovery of deleted vaults and objects (keys, secrets, certificates). When enabled, resources marked as deleted are retained for a specified period (default 90 days), and during this time the service provides a mechanism for recovering the deleted object.

Soft delete is ON by default during Key Vault creation, with a default retention period of 90 days. The retention policy can be changed from 7 to 90 days through the Azure portal during Azure Key Vault creation. The purge protection retention policy uses the same interval. Once set, the retention policy interval cannot be changed.

Purge protection is an optional feature of Azure Key Vault which is disabled by default. Purge protection can only be enabled once soft delete is enabled for the key vault. When purge protection is on, a vault or an object in the deleted state cannot be purged until the retention period has passed. Soft-deleted vaults and objects can still be recovered, ensuring that the retention policy will be followed.

Source:
How to use Key Vault soft-delete with PowerShell
How to use Key Vault soft-delete with CLI
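
The recovery the question asks about, as an added Azure CLI example that is not part of the original answer or the linked articles: it checks whether a vault is soft-deleted, recovers it, and turns on purge protection. It assumes a logged-in `az` session with permission to recover and update vaults; the function names are illustrative.

```shell
# Added example; vault names are supplied by the caller.
# Key Vault names are 3-24 characters: letters, digits and hyphens.
valid_name() {
  case "$1" in ""|*[!A-Za-z0-9-]*) return 1 ;; esac
  [ "${#1}" -ge 3 ] && [ "${#1}" -le 24 ]
}

# Print "deleted" (soft-deleted, still in retention), "active" or "absent".
vault_state() {
  local name="$1" hits
  valid_name "$name" || { echo "invalid vault name" >&2; return 2; }
  hits=$(az keyvault list-deleted --query "[?name=='${name}'] | length(@)" -o tsv) || return 2
  if [ "${hits:-0}" -gt 0 ]; then
    echo deleted
  elif az keyvault show --name "$name" -o none 2>/dev/null; then
    echo active
  else
    echo absent
  fi
}

# Recover the vault if it is soft-deleted; succeed quietly if it is already active.
recover_vault() {
  local name="$1" state
  state=$(vault_state "$name") || return 2
  case "$state" in
    deleted) az keyvault recover --name "$name" -o none ;;
    active)  return 0 ;;
    *)       echo "$name: no active or soft-deleted vault with this name" >&2; return 1 ;;
  esac
}

# Turn purge protection on unless it already is. Once on, it cannot be switched off.
ensure_purge_protection() {
  local name="$1" current
  valid_name "$name" || return 2
  current=$(az keyvault show --name "$name" --query properties.enablePurgeProtection -o json) || return 2
  [ "$current" = "true" ] && return 0
  az keyvault update --name "$name" --enable-purge-protection true -o none
}
```

Typical use is `recover_vault <vault-name> && ensure_purge_protection <vault-name>`.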

