Azure Key Vault Secret Versions

gryczanu 21 Reputation points
2022-08-29T07:54:28.097+00:00

As far as I know, Key Vault does not support deleting specific versions of secrets. I am worried about performance:

Key Vault does not restrict the number of versions on a secret, key or certificate, but storing a large number of versions (500+) can impact the performance of backup operations https://learn.microsoft.com/en-us/azure/key-vault/general/service-limits

I have around 150 secrets in one Key Vault and I am planning to add a new version of each secret once a week. Will it affect the performance?
The perfect solution for me would be to keep the last three versions of one Key Vault secret. Is it possible?

Thanks
Urszula

Azure Key Vault
An Azure service that is used to manage and protect cryptographic keys and other secrets used by cloud apps and services.

Accepted answer
  1. Andriy Bilous 10,976 Reputation points MVP
    2022-08-29T13:53:17.857+00:00

    Hello @gryczanu

    You are right, storing a large number of versions (500+) can impact the performance of backup operations or result in an error, but unfortunately it is not possible to keep the last three (or fewer or more) versions of one Key Vault secret.
    https://stackoverflow.com/questions/57918580/azure-key-vault-secret-versions-lifetime
    https://github.com/Azure/azure-cli/issues/8114

    It seems there are no plans to support deletion of individual versions of a secret in the near future.

    As you are planning to add a new version of each secret once a week, I would recommend that you recreate the Azure Key Vault secret once a year.

    If you think your question has been answered, click "Mark as Accept Answer"; if it just helped, click "Vote as helpful". This can be beneficial to other community members reading this forum thread.

    1 person found this answer helpful.
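
A version-count audit for the situation discussed in this thread, added here as an example and not part of the original question or answer: it counts versions per secret and estimates how many weeks of weekly rotation remain before the 500-version figure quoted in the question. The two listing methods are those of `SecretClient` in the `azure-keyvault-secrets` package; `StubClient`, the secret names and the counts are constructed so the block runs offline.

```python
import math
from types import SimpleNamespace

BACKUP_WARN_VERSIONS = 500  # figure quoted in the question from the service-limits page


def audit_versions(client, limit=BACKUP_WARN_VERSIONS, new_per_week=1.0):
    """Count versions per secret; highest count first.

    `client` needs the two SecretClient listing methods used below
    (azure-keyvault-secrets), so a stub works offline.
    """
    rows = []
    for secret in client.list_properties_of_secrets():
        versions = list(client.list_properties_of_secret_versions(secret.name))
        count = len(versions)
        rows.append({
            "name": secret.name,
            "versions": count,
            "enabled_versions": sum(1 for v in versions if v.enabled),
            "weeks_until_limit": math.ceil(max(limit - count, 0) / new_per_week),
            "over_limit": count >= limit,
        })
    return sorted(rows, key=lambda r: r["versions"], reverse=True)


class StubClient:
    """Constructed sample data standing in for a real vault."""

    def __init__(self, version_counts):
        self._counts = version_counts

    def list_properties_of_secrets(self):
        return [SimpleNamespace(name=n) for n in self._counts]

    def list_properties_of_secret_versions(self, name):
        # Only the newest version is enabled in this constructed data.
        n = self._counts[name]
        return [SimpleNamespace(name=name, enabled=(i == n - 1)) for i in range(n)]


def demo():
    # Hypothetical secret names; counts chosen to fall on both sides of the limit.
    return audit_versions(StubClient({"db-password": 52, "api-token": 503, "new-cert-pw": 1}))


if __name__ == "__main__":
    # Against a real vault: SecretClient(vault_url=..., credential=DefaultAzureCredential())
    for row in demo():
        print(row)
```

Secrets reported with `over_limit` set are the candidates for the recreation the answer recommends.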