Azure Key Vault should be recoverable


Description

The key vault contains object keys, secrets, and certificates. If a key vault is made unavailable accidentally, it can cause immediate data loss or loss of security functions supported by the key vault objects. This includes authentication, validation, verification, and non-repudiation. It is recommended that the key vault be made recoverable by enabling the “Do Not Purge” and “Soft Delete” functions. This prevents loss of encrypted data, including storage accounts, SQL databases, and dependent services provided by key vault objects (keys, secrets, certificates, etc.), which may occur due to accidental deletion by a user or from disruptive activity by a malicious user.

Note: When a new key vault is created, the enableSoftDelete and enablePurgeProtection parameters are set to null by default, disabling both features.

Remediation

Enable “Do Not Purge” and “Soft Delete” for a key vault.

From the console

  1. Log in to the Azure Portal.
  2. Go to Key Vaults and click Properties.
  3. Verify that the status of soft-delete is set to ‘Soft delete has been enabled on this key vault’.
  4. At the bottom of the page, click ‘Enable Purge Protection’.
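The same check can be scripted against the JSON that `az keyvault show` returns, which is useful when there are more vaults than anyone wants to click through in the portal. The block below is an added example, not part of the original rule page or the Azure tooling: it assumes the `az keyvault show` output shape (a `properties` object carrying `enableSoftDelete` and `enablePurgeProtection`), treats a `null` or missing flag as disabled in line with the note above, and the vault records it reads are constructed sample data. The `az keyvault update --enable-purge-protection true` command in the remediation hint is the current Azure CLI flag as known to the editor, not something the page states.

```python
"""Audit Azure Key Vault recoverability from `az keyvault show`-shaped JSON.

Added example. It assumes each vault document has a `properties` object with
`enableSoftDelete` and `enablePurgeProtection`; the sample vaults below are
constructed, not captured from a real subscription.
"""
import json

# Constructed sample data: one record per vault, shaped like `az keyvault show`.
SAMPLE_VAULTS_JSON = """
[
  {"name": "kv-default",     "properties": {"enableSoftDelete": null, "enablePurgeProtection": null}},
  {"name": "kv-soft-only",   "properties": {"enableSoftDelete": true, "enablePurgeProtection": null}},
  {"name": "kv-recoverable", "properties": {"enableSoftDelete": true, "enablePurgeProtection": true}},
  {"name": "kv-legacy",      "properties": {}}
]
"""

REQUIRED_FLAGS = ("enableSoftDelete", "enablePurgeProtection")


def evaluate_vault(vault: dict) -> dict:
    """Return a finding for one vault.

    A flag counts as enabled only when it is literally `true`. Null (the
    default on creation, per the rule text) and a missing key are both
    treated as disabled, so a vault that was never configured is flagged.
    """
    props = vault.get("properties") or {}
    missing = [flag for flag in REQUIRED_FLAGS if props.get(flag) is not True]
    return {
        "name": vault.get("name", "<unnamed>"),
        "compliant": not missing,
        "missing": missing,
    }


def audit(vaults_json: str) -> list:
    """Evaluate every vault in a JSON array; return only the non-compliant ones."""
    findings = [evaluate_vault(v) for v in json.loads(vaults_json)]
    return [f for f in findings if not f["compliant"]]


def remediation_hint(finding: dict) -> str:
    """Build the CLI command that fixes purge protection for a finding.

    `--enable-purge-protection true` is the Azure CLI flag as the editor knows
    it (assumption, not from the page). Soft delete has no opt-out on current
    vaults, so a vault still reporting it disabled is returned for manual
    review instead of a command.
    """
    name = finding["name"]
    if "enableSoftDelete" in finding["missing"]:
        return f"{name}: soft delete reported disabled; review the vault manually"
    return f"az keyvault update --name {name} --enable-purge-protection true"


if __name__ == "__main__":
    for finding in audit(SAMPLE_VAULTS_JSON):
        print(f"{finding['name']}: missing {', '.join(finding['missing'])}")
        print("  fix:", remediation_hint(finding))
```

Run it as-is to see the three constructed vaults that fail the rule; in practice replace `SAMPLE_VAULTS_JSON` with the output of `az keyvault show` for each vault in scope (or `az keyvault list` followed by per-vault `show`, since the list call does not return these properties).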