Recreating keyvault in another tenant, how long do I have to wait after deleting it in current tenant

Michael Coetzee 21 Reputation points
2022-04-11T08:25:27.187+00:00

Hi, we are migrating some apps from one tenant to another. The process includes moving keyvaults. I have read your docs on migrating to another tenant, but it's very risky, especially after we need to remove access policies and role assignments before moving. So ideally we would like to delete the keyvault, and then recreate it in another tenant. I have heard once the keyvault is deleted, the internal DNS name stays around for a while. If this is the case, how long does it hang around before we can use it again in another tenant?

Azure Key Vault
An Azure service that is used to manage and protect cryptographic keys and other secrets used by cloud apps and services.

Accepted answer
  1. Shweta Mathur 27,711 Reputation points Microsoft Employee
    2022-04-12T05:21:22.29+00:00

    Hi @Michael Coetzee

    Thanks for reaching out.
    I understand you want to make sure that the existing key vault has been deleted permanently before creating the key vault in another tenant.
    Your understanding is right when you mention that the key vault persists even if you delete it.

    When you create an Azure key vault, the soft-delete feature is enabled by default. It helps customers recover keys and secrets that were accidentally deleted, within 90 days (default), and for that time period you cannot create another key vault with the same name.
    Once soft-delete is enabled for Azure Key Vault, you cannot disable it, as it's implemented as a one-way operation and cannot be changed back once enabled.

    However, you can use the option to permanently delete or purge the Azure Key Vault using PowerShell, CLI or portal as mentioned here.

    Currently users have the option to opt out of soft-delete during key vault creation. To protect against accidental or malicious deletion of all key vaults, the turn-off feature is going to be deprecated soon.

    Hope this will help.

    Thanks
    Shweta

    ---------------------------------------------------------------------

    Please remember to "Accept Answer" if answer helped you.
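
A pre-migration check for the situation described in the answer above, as an added example that is not part of the original answer or of Microsoft's documentation: it reads a deleted-vault listing and reports whether a vault name can be reused now, needs a purge first, or is held until the retention period ends. It assumes the listing has the shape of `az keyvault list-deleted -o json` run against the source subscription; the vault names and dates are constructed, and it also covers purge protection, which the answer does not mention.

```python
import json
from datetime import datetime, timezone

# Constructed sample shaped like `az keyvault list-deleted -o json` output
# (vault names, locations and dates are made up for illustration).
SAMPLE_DELETED = json.loads("""
[
  {"name": "kv-app-prod", "properties": {
      "location": "westeurope",
      "deletionDate": "2022-04-11T09:00:00+00:00",
      "scheduledPurgeDate": "2022-07-10T09:00:00+00:00",
      "purgeProtectionEnabled": null}},
  {"name": "kv-app-keys", "properties": {
      "location": "westeurope",
      "deletionDate": "2022-04-11T09:05:00+00:00",
      "scheduledPurgeDate": "2022-07-10T09:05:00+00:00",
      "purgeProtectionEnabled": true}}
]
""")


def name_status(deleted_vaults, vault_name, now):
    """Return (state, detail) for reusing vault_name after deletion.

    state is 'free', 'purge-needed' or 'blocked'. 'free' only means no
    soft-deleted vault in this listing holds the name.
    """
    for vault in deleted_vaults:
        # Vault names are DNS labels, so compare case-insensitively.
        if vault["name"].lower() != vault_name.lower():
            continue
        props = vault["properties"]
        purge_at = datetime.fromisoformat(props["scheduledPurgeDate"])
        days_left = max(0, (purge_at - now).days)
        if props.get("purgeProtectionEnabled"):
            # Purge protection forbids a manual purge: wait out retention.
            return "blocked", f"name held for {days_left} more days"
        # Soft-deleted only: a manual purge releases the name.
        return "purge-needed", f"run: az keyvault purge --name {vault['name']}"
    return "free", "no soft-deleted vault in this listing holds the name"


if __name__ == "__main__":
    now = datetime(2022, 4, 12, 5, 21, tzinfo=timezone.utc)
    for name in ("kv-app-prod", "kv-app-keys", "kv-new"):
        print(name, *name_status(SAMPLE_DELETED, name, now))
```

Running this check before deleting anything in the source tenant shows which vaults would lock their names for the full retention period.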

