Key Vault Soft Delete Is Disabled
- Query id: 881696a8-68c5-4073-85bc-7c38a3deb854
- Query name: Key Vault Soft Delete Is Disabled
- Platform: Ansible
- Severity: Medium
- Category: Backup
- URL: Github
Description
Make sure Soft Delete is enabled for Key Vault
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - yaml file
---
- name: Create instance of Key Vault
  azure_rm_keyvault:
    resource_group: myResourceGroup
    vault_name: samplekeyvault
    enabled_for_deployment: yes
    enable_soft_delete: no  # flagged: soft delete is explicitly disabled
    vault_tenant: 72f98888-8666-4144-9199-2d7cd0111111
    sku:
      name: standard
    access_policies:
      - tenant_id: 72f98888-8666-4144-9199-2d7cd0111111
        object_id: 99998888-8666-4144-9199-2d7cd0111111
        keys:
          - get
          - list
# flagged: the task below does not set enable_soft_delete at all
- name: Create instance of Key Vault 02
  azure_rm_keyvault:
    resource_group: myResourceGroup 02
    vault_name: samplekeyvault
    enabled_for_deployment: yes
    vault_tenant: 72f98888-8666-4144-9199-2d7cd0111111
    sku:
      name: standard
    access_policies:
      - tenant_id: 72f98888-8666-4144-9199-2d7cd0111111
        object_id: 99998888-8666-4144-9199-2d7cd0111111
        keys:
          - get
          - list
Code samples without security vulnerabilities
Negative test num. 1 - yaml file
- name: Create instance of Key Vault
  azure_rm_keyvault:
    resource_group: myResourceGroup
    vault_name: samplekeyvault
    enabled_for_deployment: yes
    enable_soft_delete: yes
    vault_tenant: 72f98888-8666-4144-9199-2d7cd0111111
    sku:
      name: standard
    access_policies:
      - tenant_id: 72f98888-8666-4144-9199-2d7cd0111111
        object_id: 99998888-8666-4144-9199-2d7cd0111111
        keys:
          - get
          - list
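The two flagged samples above differ in how they fail: one sets `enable_soft_delete: no`, the other omits the key. The following check is an added example, not the query's own code; it covers both cases on already-parsed task dictionaries and also reports values it cannot resolve statically. The fully qualified module name, the `unknown` state and the third sample task are assumptions of this example.

```python
# Added example (not KICS code): flag azure_rm_keyvault tasks without soft delete.
# The FQCN module name and the "unknown" handling are assumptions of this sketch.
MODULES = {"azure_rm_keyvault", "azure.azcollection.azure_rm_keyvault"}
TRUTHY = {"yes", "true", "on", "1", "y", "t"}
FALSY = {"no", "false", "off", "0", "n", "f"}

def soft_delete_state(value):
    """Classify an enable_soft_delete value as enabled, disabled or unknown."""
    if isinstance(value, bool):  # YAML 1.1 loaders turn bare yes/no into booleans
        return "enabled" if value else "disabled"
    text = str(value).strip().lower()  # a quoted "no" stays a string after parsing
    if text in TRUTHY:
        return "enabled"
    if text in FALSY:
        return "disabled"
    return "unknown"  # e.g. a Jinja2 expression that cannot be resolved statically

def iter_tasks(tasks):
    """Yield every task, descending into block/rescue/always sections."""
    for task in tasks or []:
        if isinstance(task, dict):
            yield task
            for section in ("block", "rescue", "always"):
                yield from iter_tasks(task.get(section))

def find_issues(tasks):
    """Return (task name, reason) pairs for Key Vault tasks that need attention."""
    issues = []
    for task in iter_tasks(tasks):
        for module in sorted(task.keys() & MODULES):
            args = task[module]
            if not isinstance(args, dict):
                continue
            name = task.get("name", "<unnamed>")
            if "enable_soft_delete" not in args:
                issues.append((name, "enable_soft_delete is not set"))
                continue
            state = soft_delete_state(args["enable_soft_delete"])
            if state != "enabled":
                issues.append((name, f"enable_soft_delete is {state}"))
    return issues

# Constructed input: the page's samples as a YAML loader would return them.
SAMPLE_TASKS = [
    {"name": "Create instance of Key Vault",
     "azure_rm_keyvault": {"vault_name": "samplekeyvault", "enable_soft_delete": False}},
    {"name": "Create instance of Key Vault 02",
     "azure_rm_keyvault": {"vault_name": "samplekeyvault"}},
    {"name": "Create instance of Key Vault 03 (constructed, passes)",
     "azure_rm_keyvault": {"vault_name": "samplekeyvault", "enable_soft_delete": True}},
]
```

`find_issues(SAMPLE_TASKS)` returns one entry for each of the first two tasks and none for the third.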