Key vault should have purge protection enabled
| Property | Value |
|---|---|
| Language | |
| Severity | |
| Service | keyvault |
| Provider | Azure |
| Vulnerability Type | omission |
Description
The Key Vault resource does not have purge protection enabled, so soft-deleted keys and secrets can be purged (permanently removed) before the retention period ends, with no possibility of recovery. This configuration bypasses the safeguard intended to prevent accidental or malicious data loss.
Impact
Without purge protection, an attacker or unauthorized user with sufficient permissions could delete and then purge cryptographic keys or secrets, leading to irreversible loss of access to encrypted resources, service outages, or compromise of critical business processes.
Resolution
Enable purge protection for key vaults
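As an added example (not code from the original rule page), the check below implements this rule over an ARM template: it flags every `Microsoft.KeyVault/vaults` resource whose `properties.enablePurgeProtection` is absent (the omission this rule targets) or explicitly `false`, and a second function writes the corrected setting back. The template content is constructed for the example; the resource type and property name are the ARM names for Key Vault.

```python
import json

# Constructed sample ARM template (not from the original page): three vaults in
# the three states the rule must distinguish, plus one unrelated resource.
SAMPLE_TEMPLATE = json.dumps({
    "resources": [
        {"type": "Microsoft.KeyVault/vaults", "name": "kv-no-purge",
         "properties": {"enableSoftDelete": True}},
        {"type": "Microsoft.KeyVault/vaults", "name": "kv-explicit-off",
         "properties": {"enableSoftDelete": True, "enablePurgeProtection": False}},
        {"type": "Microsoft.KeyVault/vaults", "name": "kv-ok",
         "properties": {"enableSoftDelete": True, "enablePurgeProtection": True}},
        {"type": "Microsoft.Storage/storageAccounts", "name": "unrelated"},
    ]
})

KEY_VAULT_TYPE = "microsoft.keyvault/vaults"


def purge_protection_findings(template_text: str) -> list[dict]:
    """Return one finding per Key Vault that lacks purge protection.

    A missing property is reported as "missing" (the vault is deployed without
    protection); an explicit false is reported as "disabled". Only an explicit
    true passes, so any other value type is also treated as non-compliant.
    """
    template = json.loads(template_text)
    findings = []
    for res in template.get("resources", []):
        if str(res.get("type", "")).lower() != KEY_VAULT_TYPE:
            continue
        props = res.get("properties") or {}
        if props.get("enablePurgeProtection") is not True:
            findings.append({
                "resource": res.get("name", "<unnamed>"),
                "reason": "missing" if "enablePurgeProtection" not in props else "disabled",
            })
    return findings


def remediate(template_text: str) -> str:
    """Return the template with enablePurgeProtection set to true on every vault."""
    template = json.loads(template_text)
    for res in template.get("resources", []):
        if str(res.get("type", "")).lower() == KEY_VAULT_TYPE:
            props = res.get("properties") or {}  # handles absent or null properties
            props["enablePurgeProtection"] = True
            res["properties"] = props
    return json.dumps(template, indent=2)
```

Once purge protection is enabled on a vault it cannot be turned off again, and soft-deleted objects then stay recoverable for the full retention period.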