Key_vault soft delete feature

[ghost]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

In the Microsoft Key Vault documentation there appears to be a soft delete feature available which is disabled by default. We would like to use this feature, but there appears to be no documentation in the azurerm_key_vault docs. Could this feature be added please?

New or Affected Resource(s)

azurerm_key_vault

Potential Terraform Configuration

resource "azurerm_key_vault" "main" {
  name                        = "myKv"
  resource_group_name         = "${azurerm_resource_group.main.name}"
  location                    = "${var.locationMed}"
  enabled_for_disk_encryption = true
  tenant_id                   = "${data.azurerm_client_config.current.tenant_id}"
  soft_delete                = true

  sku {
    name = "standard"
  }

   access_policy {
    tenant_id = "${data.azurerm_client_config.current.tenant_id}"
    object_id = "${data.azurerm_client_config.current.service_principal_object_id}"

    certificate_permissions = [
      "backup",
      "update",
    ]

    key_permissions = [
      "backup",
      "update",
      "verify",
      "wrapKey",
    ]

    secret_permissions = [
      "backup",
      "set",
    ]
  }

  access_policy {
    tenant_id = "${data.azurerm_client_config.current.tenant_id}"
    object_id = "${local.userObjectId}"

    certificate_permissions = [
      "backup",
      "update",
    ]

    key_permissions = [
      "backup",
      "update",
      "verify",
      "wrapKey",
    ]

    secret_permissions = [
      "backup",
      "set",
    ]
  }

  network_acls {
    default_action = "Deny"
    bypass         = "AzureServices"
    ip_rules       = "${var.ipRules}"
  }
}

References

[tombuildsstuff]

hi @phosphre

Thanks for opening this issue :)

Support for Soft Deletion of Key Vaults has previously been requested in #1329 - rather than having multiple issues open tracking the same thing I'm going to close this issue in favour of that one, would you mind subscribing to that for updates?

Thanks!

[ghost]

Yeah totally - sorry the time lost, must've searched incorrectly.

[tombuildsstuff]

@phosphre no problem, thanks for subscribing to the other issue :)

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks!