MEDIUM
Source
CloudSploit
ID
key-vault-recovery-enabled

Key Vault Recovery Enabled

Ensures that Purge Protection and Soft Delete are enabled on all Key Vaults

Purge Protection and Soft Delete are features that safeguard against losing key access. With these settings enabled, key vaults have recovery actions available to restore deleted or compromised key vaults.

Follow the appropriate remediation steps below to resolve the issue.

  1. Log into the Microsoft Azure Management Console.

  2. In the search bar at the top, search for Vaults and select “Key Vaults” from the search results.

  3. In the Key Vaults page, select a key vault by clicking on the “Name” link to access its configuration.

  4. Scroll down and click “Properties” in the navigation pane on the left.

  5. If under “Soft delete” the “Disable purge protection” radio button is selected, then vaults and objects can be deleted with no recovery possible. This is against best practices.

  6. Select the “Enable purge protection” radio button to allow only soft deletes, so that vaults and objects can be recovered if needed.

  7. Finally, hit “Save” at the top of the pane to complete the changes.

  8. Repeat steps 3 to 7 for all other key vaults.
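The same check the steps above perform by hand, as an added example that is not CloudSploit's own plugin code: it evaluates Azure Key Vault resource records (the `properties.enableSoftDelete` and `properties.enablePurgeProtection` fields of the Key Vault resource JSON) and flags any vault where either protection is missing. The vault records are constructed sample data.

```python
# Added example, not CloudSploit's plugin code. Evaluates Key Vault resource
# records for Soft Delete and Purge Protection. Property names follow the
# Azure Key Vault resource JSON (properties.enableSoftDelete /
# properties.enablePurgeProtection); the records in SAMPLE_VAULTS are constructed.

def evaluate_key_vault(vault: dict) -> dict:
    """Return a finding for one vault: PASS only if both protections are on."""
    props = vault.get("properties", {})
    # A missing property is treated as disabled, which is the safe assumption.
    soft_delete = bool(props.get("enableSoftDelete", False))
    purge_protection = bool(props.get("enablePurgeProtection", False))
    if soft_delete and purge_protection:
        return {"id": vault["id"], "status": "PASS",
                "message": "Soft delete and purge protection are enabled"}
    missing = []
    if not soft_delete:
        missing.append("soft delete")
    if not purge_protection:
        # Purge protection requires soft delete, so a vault with soft delete
        # off always reports both as missing.
        missing.append("purge protection")
    return {"id": vault["id"], "status": "FAIL",
            "message": f"Key vault does not have {' and '.join(missing)} enabled"}

def evaluate_all(vaults: list) -> list:
    """Evaluate every vault record and return the list of findings."""
    return [evaluate_key_vault(v) for v in vaults]

# Constructed sample records shaped like Azure Key Vault resource JSON.
SAMPLE_VAULTS = [
    {"id": "/subscriptions/sub-example/resourceGroups/rg-a/providers/Microsoft.KeyVault/vaults/kv-good",
     "properties": {"enableSoftDelete": True, "enablePurgeProtection": True}},
    {"id": "/subscriptions/sub-example/resourceGroups/rg-a/providers/Microsoft.KeyVault/vaults/kv-no-purge",
     "properties": {"enableSoftDelete": True, "enablePurgeProtection": False}},
    {"id": "/subscriptions/sub-example/resourceGroups/rg-b/providers/Microsoft.KeyVault/vaults/kv-none",
     "properties": {"enableSoftDelete": False}},
]

if __name__ == "__main__":
    for finding in evaluate_all(SAMPLE_VAULTS):
        print(finding["status"], finding["id"].rsplit("/", 1)[-1], "-", finding["message"])
```

On a real subscription the same records can be obtained with `az keyvault list` and `az keyvault show --name <vault>`, and the FAIL vaults remediated with `az keyvault update --name <vault> --enable-purge-protection true`.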