Key Vault soft deletion is not set to 90 days Affecting Key Vault service in Azure

Snyk CCSS

Data / Restoration

Is your enviroment affected by this misconfiguration?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Frameworks

CIS-Controls CSA-CCM ISO-27001 SOC-2

Snyk ID SNYK-CC-00557
credit Snyk Research Team

Report a new misconfiguration Found a mistake?

Description

Accidentally deleted vaults and vault items are not recoverable and might lead to data loss.

How to fix?

Set properties.enableSoftDelete to true and softDeleteRetentionInDays to 90, or remove the attributes entirely to use enabled soft delete default with 90 days retention.

ARM

vaults

Terraform

azurerm_key_vault

References

Azure Key Vault soft-delete overview

Key Vault soft deletion is not set to 90 days Affecting Key Vault service in Azure

Severity

Description

How to fix?

ARM

Terraform

References