Description

Some Azure Key Vaults instances do not enable properties that allow secrets to be recovered in the event of accidental deletion or by malicious actors.

Impact

Delete sensitive secrets by accident with no chance of recovery

Recommendation

Enable the properties EnableSoftDelete and EnablePurgeProtection in every Azure Key Vault (AKV) instance.

Threat

Authenticated attacker from the Internet with write permissions in the vault

Expected Remediation Time

⏱️ 20 minutes.

Requirements

Fixes