Permanent deletion of soft delete enabled Azure Key Vault or disable soft Delete for key Vault

Answers
Hi Pardhasaradhi ,
Once soft delete is enabled for Azure Key Vault, you cannot disable the soft-delete, as it's implemented as a one-way operation and cannot be changed back once enabled. However, you can use the PowerShell cmdlet Remove-AzureRmKeyVault command with the option -InRemovedState and by specifying the location of the deleted key vault with the -Location argument to permanently delete or purge the Azure Key Vault. If you want to permanently delete a key or secret, you need to use Remove-AzureKeyVaultKey and Remove-AzureKeyVaultSecret with the -InRemovedState parameter. Please refer to How to use Key Vault soft-delete with PowerShell for details.
You can also achieve the same using the Azure CLI. Refer to How to use Key Vault soft-delete with CLI for details.
- Proposed as answer by SaurabhSharma-MSFT (Microsoft employee, Moderator), Thursday, January 17, 2019 6:51 PM
- Edited by SaurabhSharma-MSFT (Microsoft employee, Moderator), Thursday, January 17, 2019 7:02 PM
- Marked as answer by Pardhasaradhi reddy, Friday, January 18, 2019 12:11 PM
All replies
I have an issue permanently deleting a protected key vault. As a test, I created several vaults with soft delete and purge protection enabled. Now, I need to test the script more, but I am unable to provision the key vault because it says it already exists. Additionally, I try to remove the vault but get this error. How do I rectify?
VERBOSE: Performing the operation "Purge vault" on target "S1TestVault.
Remove-azkeyvault : Operation 'DeletedVaultPurge' is not allowed.
At line:1 char:34
+ ... ovedState | Remove-azkeyvault -InRemovedState -Location 'East US' -Co ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : CloseError: (:) [Remove-AzKeyVault], CloudException
+ FullyQualifiedErrorId : Microsoft.Azure.Commands.KeyVault.RemoveAzureKeyVault
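
The purge step described in the answer above, wrapped in a guarded helper, as an added example that is not code from the thread. `Remove-SoftDeletedVault` is a hypothetical name, the cmdlets are the Az-module forms of the ones named in the answer, and the vault name and region are the ones shown in the error output above. When purge protection is enabled, the service refuses the purge until the scheduled purge date, and the helper reports that date instead of failing silently.

```powershell
#Requires -Modules Az.KeyVault
# Added example, not code from the thread. Remove-SoftDeletedVault is a hypothetical helper name.

function Remove-SoftDeletedVault {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory)] [string] $VaultName,
        [Parameter(Mandatory)] [string] $Location
    )

    # A purge only applies to a vault that is already in the soft-deleted state.
    $deleted = Get-AzKeyVault -VaultName $VaultName -Location $Location -InRemovedState -ErrorAction SilentlyContinue
    if (-not $deleted) {
        Write-Warning "No soft-deleted vault '$VaultName' found in '$Location'."
        return $false
    }

    Write-Verbose "Deleted: $($deleted.DeletionDate); scheduled purge: $($deleted.ScheduledPurgeDate)"

    # Purging is irreversible, so honour -WhatIf / -Confirm before calling the service.
    if (-not $PSCmdlet.ShouldProcess($VaultName, 'Purge soft-deleted vault')) {
        return $false
    }

    try {
        Remove-AzKeyVault -VaultName $VaultName -Location $Location -InRemovedState -Force -ErrorAction Stop
        return $true
    }
    catch {
        # Surface the service error rather than swallowing it.
        Write-Warning "Purge failed: $($_.Exception.Message)"
        # If purge protection is enabled, the vault stays soft-deleted (and its name reserved)
        # until the scheduled purge date.
        Write-Warning "Scheduled purge date for '$VaultName': $($deleted.ScheduledPurgeDate)"
        # The vault can still be recovered while it is soft-deleted:
        #   Undo-AzKeyVaultRemoval -VaultName $VaultName -ResourceGroupName <group> -Location $Location
        return $false
    }
}

# Dry run first: reports what would be purged without calling the purge operation.
Remove-SoftDeletedVault -VaultName 'S1TestVault' -Location 'East US' -WhatIf -Verbose
```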