encountering an issue with a Key Vault HSM

Sarah H001 0 Reputation points
2024-11-22T15:13:45.13+00:00

I am encountering an issue with a Key Vault HSM where Purge Protection has been enabled. Despite my attempts, I am unable to disable or delete this feature. When attempting to purge the managed HSM, the operation fails with the following error message: Operation 'DeletedManagedHsmPurge' is not allowed


1 answer

  1. Bhasker Donthu 845 Reputation points Microsoft Vendor
    2024-11-22T15:53:53.3166667+00:00

    Hello @Sarah H001,

    Thank you for posting your query on Microsoft Q&A.
    Purge Protection is a security feature designed to safeguard against the permanent deletion of Managed HSMs and their keys, even by a malicious insider. It operates like a time-locked recycle bin, ensuring items can only be permanently removed after the retention period ends. During this retention period:

    • Deleted HSMs or keys can be recovered at any time.
    • Permanent deletion or purging is strictly prohibited until the retention period elapses, at which point the system will automatically purge the HSM or key.

    Note:

    • No administrator role, permission, or Microsoft intervention can override, disable, or bypass purge protection once it’s enabled.
    • If you wish to reuse an HSM name, you must either recover the deleted HSM or wait for the retention period to conclude.

    For more details, please refer to this link: https://learn.microsoft.com/en-us/azure/key-vault/managed-hsm/recovery?tabs=azure-cli

    I hope this information is helpful. Please feel free to reach out if you have any further questions. If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

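To make the rule in the answer concrete, here is an added triage helper (not from the question, the answer, or Microsoft) that takes a soft-deleted Managed HSM record and decides whether a manual purge will be accepted or whether recovery/waiting is the only path. The record's field names (`purgeProtectionEnabled`, `scheduledPurgeDate`, `location`) are assumed to match the JSON returned by `az keyvault show-deleted --hsm-name`; the sample record is constructed.

```python
"""Triage a soft-deleted Azure Managed HSM under purge protection.

Rule encoded here: once purge protection is enabled, the service refuses
'DeletedManagedHsmPurge'; the HSM can only be recovered or left to be
purged automatically on its scheduled purge date. Field names are
assumptions modelled on `az keyvault show-deleted --hsm-name` output.
"""
from datetime import datetime, timezone

# Constructed sample record (not real output); dates are ISO 8601 with offset.
SAMPLE_DELETED_HSM = {
    "name": "contoso-hsm",
    "properties": {
        "location": "eastus",
        "deletionDate": "2024-11-20T10:00:00+00:00",
        "scheduledPurgeDate": "2025-02-18T10:00:00+00:00",
        "purgeProtectionEnabled": True,
    },
}


def triage(record, now):
    """Return (action, days_until_auto_purge, az_cli_command).

    action is 'recover_or_wait' when purge protection blocks manual purge,
    otherwise 'purge_allowed'. The command is the next step an operator
    would run for that action.
    """
    props = record["properties"]
    name, loc = record["name"], props["location"]
    purge_at = datetime.fromisoformat(props["scheduledPurgeDate"])
    days_left = max(0, (purge_at - now).days)
    recover_cmd = f"az keyvault recover --hsm-name {name} --location {loc}"
    purge_cmd = f"az keyvault purge --hsm-name {name} --location {loc}"
    if props.get("purgeProtectionEnabled", False):
        # Service rejects the purge; only recovery or the retention timer applies.
        return "recover_or_wait", days_left, recover_cmd
    # No purge protection: a manual purge is accepted immediately.
    return "purge_allowed", days_left, purge_cmd


if __name__ == "__main__":
    action, days, cmd = triage(SAMPLE_DELETED_HSM, datetime.now(timezone.utc))
    print(f"{action}: {days} day(s) until automatic purge; next step: {cmd}")
```

Pipe real `az keyvault show-deleted --hsm-name <name> --location <region> -o json` output into `triage` after loading it with `json.load` to get the same verdict for a live deleted HSM.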
