Key Vault


  • A managed service that lets you store and control access to secrets, keys and certificates; keys can be software-protected or backed by HSMs

  • Access is authenticated through Azure AD and authorized either by Azure RBAC (the recommended model) or by legacy vault access policies. Data-plane permissions (read a secret, sign with a key) are separate from control-plane permissions on the vault resource itself, so a Contributor on the resource group does not automatically get the secrets

  • Monitor access and usage by turning on diagnostic logging (the AuditEvent category) to Azure Monitor, so that every data-plane call, including denied ones, is recorded with the caller identity

  • https://docs.microsoft.com/en-us/azure/key-vault/general/security-features

Recovery Management

  • Soft delete is designed to prevent accidental deletion of your key vault and of the keys, secrets, and certificates stored inside it. Deleted objects are retained for a configurable period of 7 to 90 days and can be recovered during that time. It is like a recycle bin. Soft delete is enabled by default on new vaults and cannot be turned off once enabled.

  • Purge protection is designed to prevent the deletion of your key vault, keys, secrets, and certificates by a malicious insider or a compromised privileged account. Think of it as a recycle bin with a time-based lock. You can recover items at any point during the retention period, but nobody can permanently delete (purge) a key vault or object until the retention period elapses. Once the retention period elapses, the key vault or key vault object is purged automatically.

  • Purge protection is designed so that no administrator role or permission can override, disable, or circumvent it. Once enabled, it cannot be disabled by anyone, including Microsoft. The practical consequence is that a deleted, purge-protected vault keeps its name reserved: you must recover it or wait for the retention period to elapse before the name can be reused, and the same applies to the name of a deleted secret or key inside the vault.
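The recovery settings and the authorization model above are both plain properties on the vault resource, which makes them easy to audit in bulk. The following script is an added example, not code from the original page or from Microsoft: it runs an offline check over a constructed list of vault objects shaped like the JSON that `az keyvault show -o json` (or the Microsoft.KeyVault/vaults ARM resource) returns, and flags vaults where soft delete or purge protection is off, the retention period is below a chosen policy minimum, or legacy access policies (rather than Azure RBAC) are still in use. The vault names and object IDs are invented; the property names (`enableSoftDelete`, `softDeleteRetentionInDays`, `enablePurgeProtection`, `enableRbacAuthorization`, `accessPolicies`) are the real resource properties, and `enablePurgeProtection` is shown as `null`, which is how a vault that has never had it enabled reports the setting. The 90-day minimum is an assumed organizational policy, not a platform requirement.

```python
import json

# Constructed sample data shaped like `az keyvault show -o json` output.
# Not captured from a real tenant; names and object IDs are invented.
SAMPLE_VAULTS = json.loads("""
[
  {
    "name": "kv-prod-app",
    "properties": {
      "enableRbacAuthorization": true,
      "enableSoftDelete": true,
      "softDeleteRetentionInDays": 90,
      "enablePurgeProtection": true
    }
  },
  {
    "name": "kv-legacy",
    "properties": {
      "enableRbacAuthorization": false,
      "enableSoftDelete": true,
      "softDeleteRetentionInDays": 7,
      "enablePurgeProtection": null,
      "accessPolicies": [
        {
          "objectId": "00000000-0000-0000-0000-000000000001",
          "permissions": {"secrets": ["all"], "keys": ["get", "list"]}
        }
      ]
    }
  }
]
""")


def audit_vault(vault, min_retention_days=90):
    """Return a list of findings for one vault; an empty list means compliant.

    min_retention_days is an assumed organizational policy (Azure allows 7-90).
    """
    props = vault.get("properties", {})
    findings = []

    # Soft delete: without it, a deleted object is gone immediately.
    if props.get("enableSoftDelete") is not True:
        findings.append("soft delete disabled: deleted objects cannot be recovered")

    # Retention window: how long a deleted object can be recovered.
    retention = props.get("softDeleteRetentionInDays")
    if retention is None or retention < min_retention_days:
        findings.append(
            f"soft delete retention is {retention} days, "
            f"policy requires >= {min_retention_days}"
        )

    # Purge protection: null or false means a privileged actor can purge
    # a deleted object before the retention period elapses.
    if props.get("enablePurgeProtection") is not True:
        findings.append(
            "purge protection disabled: deleted objects can be purged "
            "before the retention period elapses"
        )

    # Authorization model: legacy access policies instead of Azure RBAC.
    if props.get("enableRbacAuthorization") is not True:
        findings.append("legacy access policies in use instead of Azure RBAC")
        for policy in props.get("accessPolicies", []):
            perms = policy.get("permissions", {})
            # Flag any object type (keys/secrets/certificates) granted 'all'.
            broad = [
                kind for kind, ops in perms.items()
                if any(op.lower() == "all" for op in ops)
            ]
            if broad:
                findings.append(
                    f"access policy for {policy.get('objectId')} grants "
                    f"'all' on {', '.join(broad)}"
                )
    return findings


def audit_all(vaults, min_retention_days=90):
    """Map vault name -> findings for every vault in the list."""
    return {v["name"]: audit_vault(v, min_retention_days) for v in vaults}


if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE_VAULTS).items():
        print(f"{name}: {'OK' if not findings else ''}")
        for finding in findings:
            print(f"  - {finding}")
```

To run this against a real subscription, feed it the output of `az keyvault list --query "[].name" -o tsv` followed by `az keyvault show --name <vault> -o json` per vault. Remediation for the flagged settings is `az keyvault update --name <vault> --enable-purge-protection true`; recovering a soft-deleted vault or secret is `az keyvault recover --name <vault>` and `az keyvault secret recover --vault-name <vault> --name <secret>`, after listing deleted items with `az keyvault list-deleted` or `az keyvault secret list-deleted --vault-name <vault>`.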
