johnmd

Reputation: 5

Write a PowerShell script using a runbook to enable the soft delete option for all Key Vaults in an automated way

As per my understanding, Key Vault names are globally unique, and secrets as well, and I won't be able to reuse a Key Vault that exists in the soft-deleted state. I have multiple Key Vaults; after deleting multiple Key Vaults, they move to the soft-deleted state.

I want to enable the soft delete option automatically. If someone comes and accidentally deletes my Key Vault, I will be able to grant the access permissions to recover the secrets. I cannot go to the portal every time and enable the soft delete option for the Key Vault manually; I want this done in an automated way.

How can we write the playbook using PowerShell to automate the soft delete option for all Key Vaults? I have searched the net and found this Microsoft document, but did not get any information related to automation to get the results.

Can anyone help me do this? I would really appreciate it.

Thanks in advance and have a good day with a nice answer :)

Upvotes: 0

Views: 246

Answers (1)

Komali Annem

Reputation: 753

I tried to create the runbook using PowerShell for Key Vault in my environment and got the results below.

I created the automation account to use the runbook.


I created the runbook and wrote the PowerShell script for soft delete:

    # Soft delete state for a single vault (queried through the Recovery Services vault cmdlets)
    Connect-AzAccount
    Get-AzKeyVault -VaultName "XXXXXX"
    # .Id is read from the returned vault object, not from the resource group string
    $vaultId = (Get-AzRecoveryServicesVault -Name "recovery-services" -ResourceGroupName 'XXXXX').Id
    (Get-AzRecoveryServicesVaultProperty -VaultId $vaultId).SoftDeleteFeatureState

    # Soft delete state for multiple vaults
    $vaults = Get-AzRecoveryServicesVault
    foreach ($vault in $vaults) {
        $properties = Get-AzRecoveryServicesVaultProperty -VaultId $vault.Id
        if ($properties.SoftDeleteFeatureState -eq 'Enabled') {
            # No trailing whitespace after the backtick, or the line continuation breaks
            Write-Host "Soft delete option is" $properties.SoftDeleteFeatureState "for" $vault.Name "`n" `
                -ForegroundColor Green
        } else {
            # Print the actual state instead of a fixed "enabled" message
            Write-Host "Soft delete option is" $properties.SoftDeleteFeatureState "for" $vault.Name "`n" `
                -ForegroundColor Red
        }
    }

I saved and published my script and ran it. When I checked the job, it had succeeded and the status was running.


When I checked the Key Vault, the auto soft delete had been enabled.


I added the schedule to run automatically for a particular period of time.


Upvotes: 0
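
The answer's script reads the soft delete state through the Recovery Services vault cmdlets. The runbook below is an added example, not part of the original question or answer: it walks the Key Vault resources in the current subscription and turns soft delete on where it is off, using the generic resource cmdlets to set the vault's `enableSoftDelete` property. It assumes the Automation account has a managed identity with permission to read and update those vaults.

```powershell
# Added example, not from the original answer.
# Assumption: the Automation account has a managed identity that is allowed
# to read and update the Key Vaults in the current subscription.
$ErrorActionPreference = 'Stop'
Connect-AzAccount -Identity | Out-Null

$report = foreach ($item in Get-AzKeyVault) {
    $action = 'AlreadyEnabled'
    try {
        # The list call returns summary objects only, so fetch the full vault.
        $vault = Get-AzKeyVault -VaultName $item.VaultName `
                                -ResourceGroupName $item.ResourceGroupName
        if (-not $vault.EnableSoftDelete) {
            # Set enableSoftDelete on the ARM resource and write it back.
            $resource = Get-AzResource -ResourceId $vault.ResourceId
            $resource.Properties | Add-Member -MemberType NoteProperty `
                -Name 'enableSoftDelete' -Value $true -Force
            Set-AzResource -ResourceId $resource.ResourceId `
                -Properties $resource.Properties -Force | Out-Null
            $action = 'Enabled'
        }
    }
    catch {
        # Keep going so one locked or inaccessible vault does not stop the run.
        $action = "Failed: $($_.Exception.Message)"
    }
    [pscustomobject]@{
        Vault         = $item.VaultName
        ResourceGroup = $item.ResourceGroupName
        Action        = $action
    }
}

# Job output: one row per vault, then an error record if any update failed.
$report | Format-Table -AutoSize | Out-String | Write-Output
$failed = @($report | Where-Object { $_.Action -like 'Failed*' })
if ($failed.Count -gt 0) {
    Write-Error "$($failed.Count) vault(s) could not be updated." -ErrorAction Continue
}
```

Attached to a schedule, the job output gives a per-vault record of which vaults were changed on each run, which is worth keeping for audit.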
