GPT-RAG icon indicating copy to clipboard operation
GPT-RAG copied to clipboard
verified publisher icon Azure

Set BICEP Key vault enableSoftDelete to false

Open pradorodriguez opened this issue 1 year ago • 1 comments

Recommendation: Set BICEP Key vault enableSoftDelete to false Why: If customer wants to redeploy, newer deployments will fail due to the existence of soft deleted Key Vaults. BICEP: https://learn.microsoft.com/en-us/azure/templates/microsoft.keyvault/vaults?pivots=deployment-language-bicep#vaultproperties Parameter: enableSoftDelete

pradorodriguez avatar Jul 22 '24 18:07 pradorodriguez

in the meantime...as a workaround, during the deprovisioning, you can encourage users to run: azd down --force --purge which should take care of anything marked for soft-deletion without intervention.

scottroot-msft avatar Aug 22 '24 14:08 scottroot-msft

Many customers have "Key vaults should have soft delete enabled" policy, causing errors if we set this false.

https://learn.microsoft.com/en-us/azure/defender-for-cloud/policy-reference#security-centers-default-initiative-azure-security-benchmark

placerda avatar Oct 16 '24 17:10 placerda