CCSS (Common Configuration Scoring System) is a set of measures used to determine the severity of the rule.
Each rule is associated with a high-level category, for example IAM, Container, Monitoring, Logging, or Network.
Accidentally deleted vaults and vault items are not recoverable and might lead to data loss.
Set properties.enableSoftDelete to true and softDeleteRetentionInDays to 90, or remove the attributes entirely to use the default of soft delete enabled with 90 days retention.
Set soft_delete_retention_days to 90, or remove the attribute entirely to use the default setting of 90 days.
Example configuration:
resource "azurerm_key_vault" "allow" {
  name                        = "example557akeyvault"
  location                    = azurerm_resource_group.example557a.location
  resource_group_name         = azurerm_resource_group.example557a.name
  enabled_for_disk_encryption = true
  tenant_id                   = data.azurerm_client_config.current.tenant_id
  soft_delete_retention_days  = 90
  purge_protection_enabled    = false
  sku_name                    = "standard"

  access_policy {
    tenant_id = data.azurerm_client_config.current.tenant_id
    object_id = data.azurerm_client_config.current.object_id

    key_permissions = [
      "Get",
    ]

    secret_permissions = [
      "Get",
    ]

    storage_permissions = [
      "Get",
    ]
  }
}
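The check described by the two remediation notes above can be run before deployment against an ARM template or the JSON produced by `terraform show -json`. This is an added example, not code from the original page or from the scanner it describes; the function names and sample inputs are hypothetical. It assumes any explicit value other than the ones recommended here is a finding, and it flags ARM template expressions for manual review because they cannot be resolved statically.

```python
REQUIRED_DAYS = 90  # retention value recommended on this page

def _check(name, soft_delete, days):  # None means the attribute is omitted
    out = []
    for label, value, want in (("soft delete", soft_delete, True),
                               ("retention days", days, REQUIRED_DAYS)):
        if value is None:
            continue  # omitted: the default applies, which the remediation accepts
        if isinstance(value, str) and value.startswith("["):
            out.append((name, f"{label} is an ARM expression; review manually"))
        elif type(value) is not type(want) or value != want:
            out.append((name, f"{label} is {value!r}, expected {want!r}"))
    return out

def check_arm_template(template):
    """Findings for Microsoft.KeyVault/vaults resources in an ARM template dict."""
    out = []
    for res in template.get("resources", []):
        if res.get("type") == "Microsoft.KeyVault/vaults":
            p = res.get("properties", {})
            out += _check(res.get("name", "?"), p.get("enableSoftDelete"),
                          p.get("softDeleteRetentionInDays"))
    return out

def check_terraform_plan(plan):
    """Findings for azurerm_key_vault resources in `terraform show -json` output."""
    out, modules = [], [plan.get("planned_values", {}).get("root_module", {})]
    while modules:
        mod = modules.pop()
        modules += mod.get("child_modules", [])  # vaults may live in nested modules
        for res in mod.get("resources", []):
            if res.get("type") == "azurerm_key_vault":
                days = res.get("values", {}).get("soft_delete_retention_days")
                out += _check(res["address"], None, days)
    return out

# Constructed sample inputs (not from the page).
ARM_SAMPLE = {"resources": [
    {"type": "Microsoft.KeyVault/vaults", "name": "good-vault", "properties": {}},
    {"type": "Microsoft.KeyVault/vaults", "name": "bad-vault",
     "properties": {"enableSoftDelete": False, "softDeleteRetentionInDays": 7}},
    {"type": "Microsoft.KeyVault/vaults", "name": "param-vault",
     "properties": {"softDeleteRetentionInDays": "[parameters('retention')]"}}]}
TF_SAMPLE = {"planned_values": {"root_module": {"resources": [
    {"address": "azurerm_key_vault.allow", "type": "azurerm_key_vault",
     "values": {"soft_delete_retention_days": 90}}],
    "child_modules": [{"resources": [
        {"address": "module.kv.azurerm_key_vault.short", "type": "azurerm_key_vault",
         "values": {"soft_delete_retention_days": 7}}]}]}}}
```

Calling check_arm_template(ARM_SAMPLE) or check_terraform_plan(TF_SAMPLE) returns a list of (resource, reason) tuples; an empty list means every vault matches the rule.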