azure - 如何永久清除在启用软删除的情况下创建的整个 azure keyvault？

Question

当您创建启用了软删除的 Azure Keyvault 时，即使您将其删除并从头开始重新创建，该 Keyvault 仍会保留。

When soft-delete is enabled, resources marked as deleted resources are retained for a specified period (90 days by default). The service further provides a mechanism for recovering the deleted object, essentially undoing the deletion.

当您尝试通过 UI 删除 keyvault 时，您还会收到此错误消息:

The soft delete feature has been enabled on this key vault. After yousoft delete this key vault, it will remain in your subscription as ahidden vault. It will get purged after the retention period youspecified. You may purge it sooner, or restore the vault, using AzurePortal, Azure PowerShell, or Azure CLI. See this page for reference:https://learn.microsoft.com/azure/key-vault/key-vault-ovw-soft-delete

这给我的开发带来了问题。我创建了一个启用了软删除的 keyvault(意外)，现在我想完全删除该 keyvault 并使用不同的设置重新创建它。每次我删除它并重新创建它时，它都包含以前的所有设置、 key 等。我也无法创建具有相同名称且禁用软删除的 keystore 。它提示具有该名称的 keyvault 已存在(VaultAlreadyExists 异常(exception))，并且设置不兼容。

keyvault docs on MSDN (Azure中上述消息的链接)提到如何永久清除软删除，但它有点委婉的句子对我没有多大帮助:

Permanently deleting, purging, a key vault is possible via a POSToperation on the proxy resource and requires special privileges.

那么我该如何摆脱这个东西呢？

Answer 1

首先要注意的是，正如我随后发现的那样，soft delete will be enabled by default by any time now 。因此，禁用软删除现在实际上已被弃用。但我仍然想完全删除我的 keystore 。

<小时/>

在 azure cli 中进行了一些挖掘后，我偶然发现了 this command :

az keyvault purge --name
                  [--location]
                  [--no-wait]
                  [--subscription]

因此，只要您登录的用户有足够的权限来运行此操作，您就可以使用以下命令永久删除整个 key 保管库:

az keyvault purge --name keyvaultname

这将永久且不可撤销地删除 keystore 及其所有 key 和设置。 Azure UI 中似乎没有办法在不使用 CLI 或其他工具的情况下执行此操作。 现在 UI 中似乎也支持此操作，see here :

1. Log in to the Azure portal.
2. Click on the search bar at the top of the page.
3. Under "Recent Services" click "Key Vault". Do not click anindividual key vault.
4. At the top of the screen click the option to "Manage deleted vaults"
5. A context pane will open on the right side of your screen.
6. Select your subscription.
7. If your key vault has been soft deleted it will appear in thecontext pane on the right.
8. If there are too many vaults, you can either click "Load More" atthe bottom of the context pane or use CLI or PowerShell to get theresults.
9. Once you find the vault you wish to recover or purge, select thecheckbox next to it.
10. Select the recover option at the bottom of the context pane if youwould like to recover the key vault.
11. Select the purge option if you would like to permanently delete thekey vault.