Protecting Key Vault resources
Azure Key Vault has capabilities to protect us against the accidental or malicious deletion of vaults and vault objects, and against disasters. There are three main capabilities that we will cover in this section: soft-delete, purge protection, and backup and restore. Let's start with the soft-delete feature.
Key Vault soft-delete allows us to recover both deleted vaults and deleted vault objects within a configurable retention period (Figure 12.23). This is similar to the recycle bin capability of the Windows operating system. With soft-delete enabled, a deleted secret, key, certificate, or vault will remain recoverable for a period of 7 to 90 calendar days (depending on what the administrator configures). Deleted vaults will remain in our subscription as hidden vaults. This feature is now enabled by default for all newly created vaults (you will see this when you do the hands-on exercise for this chapter).
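The following is an added example, not part of the original chapter: a small audit that checks vault settings for the soft-delete behaviour described above and reports how long a deleted vault remains recoverable. The records are constructed samples, trimmed to the relevant fields of `az keyvault show` and `az keyvault list-deleted` output, and the `min_days` policy threshold is a hypothetical organizational choice.

```python
from datetime import datetime, timezone

# Constructed sample data (not from a real subscription).
VAULTS = [
    {"name": "kv-prod-constructed", "properties": {
        "enableSoftDelete": True, "softDeleteRetentionInDays": 90,
        "enablePurgeProtection": True}},
    {"name": "kv-dev-constructed", "properties": {
        "enableSoftDelete": True, "softDeleteRetentionInDays": 7,
        "enablePurgeProtection": None}},
    {"name": "kv-legacy-constructed", "properties": {"enableSoftDelete": False}},
]
DELETED = [
    {"name": "kv-old-constructed", "properties": {
        "deletionDate": "2024-03-01T10:00:00+00:00",
        "scheduledPurgeDate": "2024-03-08T10:00:00+00:00"}},
]

def audit_vault(vault, min_days=30):
    """Return finding codes for one live vault (min_days is a hypothetical policy)."""
    props = vault.get("properties", {})
    # Assumption: only an explicit True counts as soft-delete being enabled.
    if props.get("enableSoftDelete") is not True:
        return ["SOFT_DELETE_OFF"]
    findings = []
    days = props.get("softDeleteRetentionInDays")
    if days is None or not 7 <= days <= 90:
        findings.append("RETENTION_INVALID")      # outside the 7 to 90 day range
    elif days < min_days:
        findings.append("RETENTION_BELOW_POLICY")
    if props.get("enablePurgeProtection") is not True:
        findings.append("PURGE_PROTECTION_OFF")
    return findings

def days_left_to_recover(deleted_vault, now):
    """Whole days until a soft-deleted ("hidden") vault is purged; 0 if already due."""
    purge_at = datetime.fromisoformat(deleted_vault["properties"]["scheduledPurgeDate"])
    return max((purge_at - now).days, 0)

if __name__ == "__main__":
    for v in VAULTS:
        print(v["name"], audit_vault(v) or "OK")
    now = datetime(2024, 3, 5, 10, 0, tzinfo=timezone.utc)  # fixed clock for the sample
    for d in DELETED:
        print(d["name"], "recoverable for", days_left_to_recover(d, now), "more days")
```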