Key Vault Soft Delete Is Disabled

• Query id: 881696a8-68c5-4073-85bc-7c38a3deb854
• Query name: Key Vault Soft Delete Is Disabled
• Platform: Ansible
• Severity: Medium
• Category: Backup
• URL: Github

Description

Make sure Soft Delete is enabled for Key Vault
Documentation

Code samples

Code samples with security vulnerabilities

Postitive test num. 1 - yaml file

---
- name: Create instance of Key Vault
  azure_rm_keyvault:
    resource_group: myResourceGroup
    vault_name: samplekeyvault
    enabled_for_deployment: yes
    enable_soft_delete: no
    vault_tenant: 72f98888-8666-4144-9199-2d7cd0111111
    sku:
      name: standard
    access_policies:
      - tenant_id: 72f98888-8666-4144-9199-2d7cd0111111
        object_id: 99998888-8666-4144-9199-2d7cd0111111
        keys:
          - get
          - list
- name: Create instance of Key Vault 02
  azure_rm_keyvault:
    resource_group: myResourceGroup 02
    vault_name: samplekeyvault
    enabled_for_deployment: yes
    vault_tenant: 72f98888-8666-4144-9199-2d7cd0111111
    sku:
      name: standard
    access_policies:
      - tenant_id: 72f98888-8666-4144-9199-2d7cd0111111
        object_id: 99998888-8666-4144-9199-2d7cd0111111
        keys:
          - get
          - list

Code samples without security vulnerabilities

Negative test num. 1 - yaml file

- name: Create instance of Key Vault
  azure_rm_keyvault:
    resource_group: myResourceGroup
    vault_name: samplekeyvault
    enabled_for_deployment: yes
    enable_soft_delete: yes
    vault_tenant: 72f98888-8666-4144-9199-2d7cd0111111
    sku:
      name: standard
    access_policies:
    - tenant_id: 72f98888-8666-4144-9199-2d7cd0111111
      object_id: 99998888-8666-4144-9199-2d7cd0111111
      keys:
      - get
      - list