The Key Vault does not have soft delete enabled

ID: azure_key_vault_soft_delete

Severity: low

Vendor: Azure

Resource: Backup Recovery

Tags: non-reachable

Description

Soft delete is disabled on the Key Vault, so backup is not possible. To enable soft delete, remove the enable_soft_delete property or set it to true (the default value).

Learn more about this topic at Azure Key Vault soft delete.

Examples

---
- name: Example playbook
  hosts: localhost
  tasks:
    - name: Create instance of Key Vault
      azure_rm_keyvault:
        resource_group: myResourceGroup
        vault_name: samplekeyvault
        enabled_for_deployment: yes
        enable_soft_delete: False  # soft delete explicitly disabled; this line triggers the rule
        vault_tenant: 72f98888-8666-4144-9199-2d7cd0111111
        sku:
          name: standard
        access_policies:
          - tenant_id: 72f98888-8666-4144-9199-2d7cd0111111
            object_id: 99998888-8666-4144-9199-2d7cd0111111
            keys:
              - get
              - list

Mitigation / Fix

---
- name: Example playbook
  hosts: localhost
  tasks:
    - name: Create instance of Key Vault
      azure_rm_keyvault:
        resource_group: myResourceGroup
        vault_name: samplekeyvault
        enabled_for_deployment: yes
        vault_tenant: 72f98888-8666-4144-9199-2d7cd0111111
        sku:
          name: standard
        access_policies:
          - tenant_id: 72f98888-8666-4144-9199-2d7cd0111111
            object_id: 99998888-8666-4144-9199-2d7cd0111111
            keys:
              - get
              - list
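
The check this rule describes can be sketched as follows. This is an added example, not the scanner's own code. It assumes the playbook has already been parsed from YAML into Python objects; the function names, the sample data and the handling of the fully qualified module name are assumptions made for illustration. It goes slightly beyond the page's example by also catching string values that Ansible reads as false and tasks nested in block sections.

```python
# Added example (not the scanner's own code): flag azure_rm_keyvault tasks
# that turn soft delete off. Input is a playbook already parsed from YAML.
MODULES = {"azure_rm_keyvault", "azure.azcollection.azure_rm_keyvault"}
TASK_LISTS = ("pre_tasks", "tasks", "post_tasks", "handlers")
NESTED = ("block", "rescue", "always")
FALSY = {"false", "no", "off", "0", "n", "f"}  # strings Ansible converts to False

def is_disabled(value):
    """True when Ansible would read the value as boolean false."""
    if isinstance(value, bool):
        return not value
    if isinstance(value, (int, float)):
        return value == 0
    return str(value).strip().lower() in FALSY

def walk(tasks):
    """Yield every task, descending into block/rescue/always sections."""
    for task in tasks or []:
        if isinstance(task, dict):
            yield task
            for key in NESTED:
                yield from walk(task.get(key))

def find_soft_delete_disabled(playbook):
    """Return (play name, task name) for each vault task disabling soft delete."""
    findings = []
    for play in playbook or []:
        if not isinstance(play, dict):
            continue
        for section in TASK_LISTS:
            for task in walk(play.get(section)):
                for module in MODULES & task.keys():
                    args = task[module]  # key=value string arguments are skipped
                    if isinstance(args, dict) and is_disabled(args.get("enable_soft_delete", True)):
                        findings.append((play.get("name"), task.get("name")))
    return findings

# Constructed sample mirroring the page's playbooks, plus a block-nested task.
SAMPLE = [{"name": "Example playbook", "hosts": "localhost", "tasks": [
    {"name": "Create instance of Key Vault",
     "azure_rm_keyvault": {"vault_name": "samplekeyvault", "enable_soft_delete": False}},
    {"name": "Vault with default soft delete", "azure_rm_keyvault": {"vault_name": "samplekeyvault2"}},
    {"name": "Grouped", "block": [{"name": "Nested vault",
     "azure.azcollection.azure_rm_keyvault": {"vault_name": "kv3", "enable_soft_delete": "no"}}]},
]}]

if __name__ == "__main__":
    for play, task in find_soft_delete_disabled(SAMPLE):
        print(f"soft delete disabled: play={play!r} task={task!r}")
```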