Purge protection & soft-delete: Azure Key Vault protections you must know

By /

Azure Key Vault is vital for most organizations and the security controls around it must be tightened as much as possible.  There are two features available during the creation of the resource that the cloud administrator should be aware of. They are purge protection and soft-delete. When we have those options configured, we cannot reuse Key Vault and Key Vault objects (secrets/keys and certificates) names before the period defined on the policy is reached.

The soft-delete allows the restore of entire vaults and vault objects for 90 days (maximum numbers of days).

The purge protection is not enabled by default, but it forces that any deleted object cannot be purged from Azure, and they will remain in that status for 90 days (maximum number of days).

Purge protection & soft-delete

The process to restore is done through PowerShell and there is no functionality at this time in the Azure Portal.

About The Author

Anderson Patricio is a Canadian MVP in Cloud and Datacenter Management, and Office Server and Services, besides of the Microsoft Award he also holds a Solutions Master (MCSM) in Exchange, CISSP and several other certifications. Anderson contributes to the Microsoft Community with articles, tutorials, blog posts, twitter, forums and book reviews. He is a regular contributor here at Techgenix.com, MSExchange.org, ITPROCentral.com and Anderson Patricio.org (Portuguese).

Read Next

Static vs Dynamic IP Address

Static vs Dynamic IP Address

Most people are familiar with Internet Protocol (IP) Addresses, but many people don’t know you have 2 types. In this article, you’ll learn about static…

Read More »

Leave a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top