Ensure the key vault is recoverable
Why This Matters
Azure Key Vault stores encryption keys, secrets, and certificates that are critical to your infrastructure and applications. If a key vault is accidentally or maliciously deleted, all dependent services, such as storage accounts, SQL databases, and authentication mechanisms, can become inaccessible, leading to immediate data loss and operational disruption. Enabling soft delete and purge protection ensures that even if a vault is deleted, it and its objects remain recoverable for 90 days and cannot be permanently purged during that period.
What Aether365 Checks
Aether365 verifies that both enableSoftDelete and enablePurgeProtection are set to true on your Azure Key Vaults. This check is displayed in the Aether365 dashboard under the azure-azure-keyvault checks and is aligned with CIS Microsoft Azure Foundations benchmark recommendation 3.3.5.
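
The same two-property test can be run against exported vault definitions. The sketch below is an added example, not Aether365's code. It assumes each input object is shaped like the JSON printed by az keyvault show, uses constructed vault names, and treats a missing, null, or non-boolean value as a failure.

```python
import json

# Constructed sample: objects shaped like `az keyvault show` output
# (ARM Microsoft.KeyVault/vaults resources). Vault names are made up.
SAMPLE = json.loads("""
[
  {"name": "kv-prod-example",
   "properties": {"enableSoftDelete": true, "enablePurgeProtection": true}},
  {"name": "kv-dev-example",
   "properties": {"enableSoftDelete": true, "enablePurgeProtection": null}},
  {"name": "kv-legacy-example",
   "properties": {"enablePurgeProtection": false}},
  {"name": "kv-broken-example"}
]
""")

# The two settings the check requires to be true.
REQUIRED = ("enableSoftDelete", "enablePurgeProtection")


def evaluate_vault(vault):
    """Return (compliant, failing_settings) for one vault resource."""
    props = vault.get("properties") or {}
    # Assumption: only a real boolean true passes. Absent, null, false, or
    # the string "true" is reported, so an incomplete export cannot pass.
    failing = [key for key in REQUIRED if props.get(key) is not True]
    return (not failing, failing)


def audit(vaults):
    """Map vault name to its failing settings (empty list means it passes)."""
    return {v.get("name", "<unnamed>"): evaluate_vault(v)[1] for v in vaults}


if __name__ == "__main__":
    for name, failing in audit(SAMPLE).items():
        status = "PASS" if not failing else "FAIL (" + ", ".join(failing) + ")"
        print(f"{name}: {status}")
```

Purge protection is the setting most often reported here, because the property is typically absent or null on a vault where it was never turned on.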