Hi, 1- How can we disable SOFT DELETE on key vault which is enabled automatically? 2- How can we change the retention period on azure key vault? Thanks Regards,

Hi @HASSAN BIN NASIR DAR , You cannot disable the soft-delete, but you can use can use Azure CLI (or Powershell) to permanently delete the Key Vault. az keyvault purge --subscription {SUBSCRIPTION ID} -n {VAULT NAME} https://learn.microsoft.com/en-us/azure/key-vault/general/key-vault-recovery?tabs=azure-cli#key-vault-cli Soft delete is implemented as a one-way operation and cannot be changed back once enabled. (This is mentioned in the enableSoftDelete property definition.) If you can share more details on why disabling soft-delete would be useful for you, and the specifics of your scenario, I'd be interested in starting a discussion with the engineering team for you. During the creation of the Key Vault, you can set the retention period interval to a value from 7 to 90 days. You can't change that retention period after soft delete has been turned on though. If you share the details of your use case and I will gladly share this feedback with the engineering team and start a conversation around this. Thanks! Marilee

Disable soft delete on Azure key vault

Accepted answer

Marilee Turscak-MSFT 36,851 Reputation points Microsoft Employee

2021-08-26T22:45:45.137+00:00

Hi @HASSAN BIN NASIR DAR ,

You cannot disable the soft-delete, but you can use can use Azure CLI (or Powershell) to permanently delete the Key Vault. az keyvault purge --subscription {SUBSCRIPTION ID} -n {VAULT NAME}

https://learn.microsoft.com/en-us/azure/key-vault/general/key-vault-recovery?tabs=azure-cli#key-vault-cli

Soft delete is implemented as a one-way operation and cannot be changed back once enabled. (This is mentioned in the enableSoftDelete property definition.) If you can share more details on why disabling soft-delete would be useful for you, and the specifics of your scenario, I'd be interested in starting a discussion with the engineering team for you.

During the creation of the Key Vault, you can set the retention period interval to a value from 7 to 90 days. You can't change that retention period after soft delete has been turned on though.

If you share the details of your use case and I will gladly share this feedback with the engineering team and start a conversation around this.

Thanks!

Marilee
Please sign in to rate this answer.

2 people found this answer helpful.
JamesTran-MSFT 36,631 Reputation points Microsoft Employee

2021-08-30T18:32:59.577+00:00

@HASSAN BIN NASIR DAR
I just wanted to check in and see if you had any other questions or if you were able to resolve this issue?

If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.

----------

Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.

Rod Joyce 21 Reputation points

2022-02-14T07:14:49.527+00:00

Hi, we have a use-case where we need to disable Soft Delete.

We have a Managed Azure Application that the customer installs. It contains a keyvault. Occasionally it fails due to a missing Service Provider or some other issue. The customer deletes the failed deployment (and the keyvault, which goes into the deleted soft state).

Then they try to reinstall and choose the same Resource Group name. Our Keyvaults are made like like this:
"keyVaultDDName": "[toLower(concat('cmddkv', uniqueString(resourceGroup().id)))]"

Boom - the install fails with a message:

At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/DeployOperations for usage details
The resource provision operation did not complete within the allowed timeout period.
The vault name 'cmddkvtxxxxxxx' is already in use. Vault names are globaly unique so it is possible that the name is already taken. If you are sure that the vault name was not taken then it is possible that a vault with the same name was recently deleted but not purged after being placed in a recoverable state. If the vault is in a recoverable state then the vault will need to be purged before reusing the name.

and they cannot reinstall the Azure Managed Application, and they think it is an issue with our product...
Sign in to comment

Use comments to ask for clarification, additional information, or improvements to the question.

Share via

Disable soft delete on Azure key vault

0 additional answers

Your answer