Ensure key vault enables soft-delete
Error: Key vault does not enable soft delete
Bridgecrew Policy ID: BC_AZR_GENERAL_41
Checkov Check ID: CKV_AZURE_111
Severity: LOW
Key vault does not enable soft-delete
Description
Deleting a key vault without soft delete enabled permanently deletes all secrets, keys, and certificates stored in the key vault. Accidental deletion of a key vault can lead to permanent data loss. Soft delete allows you to recover an accidentally deleted key vault for a configurable retention period.
Fix - Buildtime
Terraform
- Resource: azurerm_key_vault
- Argument: soft_delete_retention_days - (Optional) The number of days that items should be retained for once soft-deleted. This value can be between 7 and 90 (the default) days.
resource "azurerm_key_vault" "example" {
...
+ soft_delete_retention_days = 7
}
Updated over 1 year ago