Azure – Soft-delete will be enabled by default for Azure Key Vault

You may already know Azure Key Vault, the cloud solution provided by Azure to securely store secrets (such as certificates and passwords).

You may also know that it has a feature called soft-delete, which allows you to recover a deleted secret up to 90 days after the deletion.

This option is available from the Properties blade of the Key Vault.


Well, this functionality will be automatically enabled by the end of the year, and it will no longer be possible to opt in or out.

If you regularly delete existing secrets to create new ones with the same name, this will cause you some trouble, because a secret with the same name will already exist (in the ‘recycle bin’). You will have to update your process to either generate a new name or purge the deleted secret before reusing the same secret name.
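One way to script the purge-before-reuse step with the Azure CLI, as an added example that is not from the original post. The function names, the `RETRIES` and `RETRY_DELAY` variables and the `recover` mode are assumptions of this example; `recover` goes beyond the text and covers vaults where purge is refused (purge protection enabled, or no purge permission).

```shell
#!/usr/bin/env bash
# Added example: write a secret whose name may still be held by a
# soft-deleted secret. Function and variable names are illustrative.

# Returns 0 if the vault holds a soft-deleted secret with this name.
# Any other failure (for example, missing permission) also reads as "no".
is_soft_deleted() {
  az keyvault secret show-deleted --vault-name "$1" --name "$2" \
    --query id -o tsv >/dev/null 2>&1
}

# set_secret_reusing_name VAULT NAME VALUE_FILE [purge|recover]
#   purge   : permanently remove the soft-deleted secret, then create a new one
#   recover : restore the soft-deleted secret, then add a new version to it
set_secret_reusing_name() {
  kv_vault=$1; kv_name=$2; kv_file=$3; kv_mode=${4:-purge}

  if is_soft_deleted "$kv_vault" "$kv_name"; then
    case "$kv_mode" in
      purge)
        az keyvault secret purge --vault-name "$kv_vault" \
          --name "$kv_name" || return 1 ;;
      recover)
        az keyvault secret recover --vault-name "$kv_vault" \
          --name "$kv_name" --query id -o tsv >/dev/null || return 1 ;;
      *)
        echo "unknown mode: $kv_mode" >&2; return 2 ;;
    esac
  fi

  # Purge and recover finish asynchronously, so the first write can still
  # hit a name conflict; retry a few times before giving up.
  kv_tries=0
  # --file keeps the value off the command line; --query id keeps it
  # out of the command output.
  until az keyvault secret set --vault-name "$kv_vault" --name "$kv_name" \
          --file "$kv_file" --query id -o tsv; do
    kv_tries=$((kv_tries + 1))
    [ "$kv_tries" -ge "${RETRIES:-5}" ] && return 1
    sleep "${RETRY_DELAY:-5}"
  done
}

# Usage (constructed names):
#   set_secret_reusing_name demo-vault db-password ./new-password.txt purge
```
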