Key Vault Soft Delete Is Disabled

  • Query id: 881696a8-68c5-4073-85bc-7c38a3deb854
  • Query name: Key Vault Soft Delete Is Disabled
  • Platform: Ansible
  • Severity: Medium
  • Category: Backup
  • CWE: 451
  • URL: Github

Description

Make sure Soft Delete is enabled for the Key Vault, so that a deleted vault and the keys, secrets and certificates it holds can be recovered during the retention period instead of being lost immediately. For the `azure_rm_keyvault` module this means setting `enable_soft_delete: yes`; tasks that set it to `no` or omit it entirely are flagged.

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - yaml file
---
- name: Create instance of Key Vault
  azure_rm_keyvault:
    resource_group: myResourceGroup
    vault_name: samplekeyvault
    enabled_for_deployment: yes
    enable_soft_delete: no
    vault_tenant: 72f98888-8666-4144-9199-2d7cd0111111
    sku:
      name: standard
    access_policies:
      - tenant_id: 72f98888-8666-4144-9199-2d7cd0111111
        object_id: 99998888-8666-4144-9199-2d7cd0111111
        keys:
          - get
          - list
- name: Create instance of Key Vault 02
  azure_rm_keyvault:
    resource_group: myResourceGroup 02
    vault_name: samplekeyvault
    enabled_for_deployment: yes
    vault_tenant: 72f98888-8666-4144-9199-2d7cd0111111
    sku:
      name: standard
    access_policies:
      - tenant_id: 72f98888-8666-4144-9199-2d7cd0111111
        object_id: 99998888-8666-4144-9199-2d7cd0111111
        keys:
          - get
          - list

Code samples without security vulnerabilities

Negative test num. 1 - yaml file
- name: Create instance of Key Vault
  azure_rm_keyvault:
    resource_group: myResourceGroup
    vault_name: samplekeyvault
    enabled_for_deployment: yes
    enable_soft_delete: yes
    vault_tenant: 72f98888-8666-4144-9199-2d7cd0111111
    sku:
      name: standard
    access_policies:
    - tenant_id: 72f98888-8666-4144-9199-2d7cd0111111
      object_id: 99998888-8666-4144-9199-2d7cd0111111
      keys:
      - get
      - list
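The check this query performs, written as an added stand-alone Python example (it is not KICS's own query, which is written in Rego): it walks a parsed playbook, including block/rescue/always and the `azure.azcollection.azure_rm_keyvault` FQCN, and reports Key Vault tasks whose `enable_soft_delete` is missing or not true. The embedded input is the positive sample above as `yaml.safe_load` would return it (constructed, with unrelated keys omitted); the negative sample yields no findings.

```python
from typing import Any, Iterator

# Module names an azure_rm_keyvault task may use (short name or FQCN).
KEYVAULT_MODULES = ("azure_rm_keyvault", "azure.azcollection.azure_rm_keyvault")
PLAY_SECTIONS = ("pre_tasks", "tasks", "post_tasks", "handlers")
NESTED_SECTIONS = ("block", "rescue", "always")

def is_truthy(value: Any) -> bool:
    """Ansible accepts YAML 1.1 boolean spellings, so handle string forms too."""
    if isinstance(value, bool):
        return value
    return str(value).strip().lower() in {"yes", "true", "on", "y", "1"}

def iter_tasks(node: Any) -> Iterator[dict]:
    """Yield every task in plays or a bare task list, including block/rescue/always."""
    if isinstance(node, list):
        for item in node:
            yield from iter_tasks(item)
    elif isinstance(node, dict):
        sections = [s for s in PLAY_SECTIONS + NESTED_SECTIONS if s in node]
        if not sections:          # a plain task
            yield node
        for section in sections:  # a play or a block task: descend
            yield from iter_tasks(node[section])

def find_soft_delete_issues(playbook: Any) -> list:
    """(task name, reason) for each Key Vault task with soft delete missing or off."""
    findings = []
    for task in iter_tasks(playbook):
        for module in KEYVAULT_MODULES:
            params = task.get(module)
            if not isinstance(params, dict):
                continue
            name = task.get("name", "<unnamed>")
            if "enable_soft_delete" not in params:
                findings.append((name, "enable_soft_delete is not set"))
            elif not is_truthy(params["enable_soft_delete"]):
                findings.append((name, "enable_soft_delete is disabled"))
    return findings

# Constructed input: the page's positive sample as yaml.safe_load returns it
# (a YAML 1.1 loader reads `yes`/`no` as booleans); other keys omitted.
POSITIVE_SAMPLE = [
    {"name": "Create instance of Key Vault",
     "azure_rm_keyvault": {"vault_name": "samplekeyvault", "enable_soft_delete": False}},
    {"name": "Create instance of Key Vault 02",
     "azure_rm_keyvault": {"vault_name": "samplekeyvault"}},
]
```

Calling `find_soft_delete_issues(POSITIVE_SAMPLE)` reports the first task as disabled and the second as not set; a real playbook is loaded with `yaml.safe_load` and passed in the same way.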