Ensure key vault enables soft-delete

Error: Key vault does not enable soft delete

Bridgecrew Policy ID: BC_AZR_GENERAL_41
Checkov Check ID: CKV_AZURE_111
Severity: LOW

Key vault does not enable soft-delete

Description

Azure Key Vault's soft-delete feature allows recovery of deleted vaults and deleted key vault objects (for example, keys, secrets, and certificates) for a retention period after deletion. Without it, a deleted vault or object is gone immediately and cannot be recovered, so an accidental or malicious delete becomes permanent loss of the key material.

Fix - Buildtime

Terraform

  • Resource: azurerm_key_vault
  • Argument: soft_delete_retention_days - (Optional) The number of days that items should be retained for once soft-deleted. This value can be between 7 and 90 (the default) days.

resource "azurerm_key_vault" "example" {
  ...
  # Retention window, in days, for soft-deleted items (7-90)
+   soft_delete_retention_days  = 7
}
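As an added illustration (not taken from the Bridgecrew page or the azurerm provider docs), the following shows a complete key vault resource in the state this policy reports beside a compliant one; the resource group, vault names and location are placeholders, and the compliant vault uses the 90-day maximum rather than the 7 days in the snippet above.

```hcl
# Added example: placeholder names and values, not from the original page.

data "azurerm_client_config" "current" {}

resource "azurerm_resource_group" "example" {
  name     = "rg-keyvault-example"
  location = "westeurope"
}

# Reported by this policy: no soft-delete retention window is declared,
# so recovery of deleted keys, secrets and certificates is not guaranteed.
resource "azurerm_key_vault" "noncompliant" {
  name                = "kv-example-noncompliant"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  tenant_id           = data.azurerm_client_config.current.tenant_id
  sku_name            = "standard"
}

# Compliant: deleted vault objects (and the vault itself) stay recoverable
# for 90 days, the longest retention the argument accepts.
resource "azurerm_key_vault" "compliant" {
  name                       = "kv-example-compliant"
  location                   = azurerm_resource_group.example.location
  resource_group_name        = azurerm_resource_group.example.name
  tenant_id                  = data.azurerm_client_config.current.tenant_id
  sku_name                   = "standard"
  soft_delete_retention_days = 90
}
```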
