Key Vault (1 / 13): Your organization is migrating sensitive data to Azure and has decided to use Azure Key Vault for secure storage. To enhance data protection, the IT team wants to ensure that if any key vault or its associated objects are unintentionally deleted, they can be recovered. Moreover, they want to ensure that once an item is marked as deleted, it cannot be permanently removed until a specified retention period elapses. Which Azure CLI commands should the IT team execute to implement these protective measures?
Answer:
You need to enablesoft delete (--enable-soft-delete true
) and purge protection (--enable-purge-protection true
)
az keyvault create --name <YourKeyVaultName> --retention-days 90
is not a valid command
az keyvault set-policy --name <YourKeyVaultName> --object-id <ObjectId> --key-permissions purge
grants a user the permission to purge objects from the Key Vault. However, it doesn't prevent purging during the retention period.
az keyvault delete --name <YourKeyVaultName> --force-immediate
is not a valid command