You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/key-vault/key-vault-ovw-soft-delete.md
+7-7Lines changed: 7 additions & 7 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -31,21 +31,21 @@ Azure Key Vaults are tracked resources, managed by Azure Resource Manager. Azure
31
31
32
32
With this feature, the DELETE operation on a key vault or key vault object is a soft-delete, effectively holding the resources for a given retention period (90 days), while giving the appearance that the object is deleted. The service further provides a mechanism for recovering the deleted object, essentially undoing the deletion.
33
33
34
-
Soft-delete is now on my default for newly created Key Vault's. It can be disabled via [CLI](key-vault-soft-delete-cli.md) or [Powershell](key-vault-soft-delete-powershell.md).
34
+
Soft-delete is now on by default for newly created key vaults. It can be disabled through the [Azure CLI](key-vault-soft-delete-cli.md) or [Azure Powershell](key-vault-soft-delete-powershell.md).
35
35
36
-
It is possible to change the number of retention policy from 7 to 90 days (in the portal). Once this is set and saved, this value can never be changed on that Vault (and purge protection follows the same interval). This will also soon be configurable via PSH and CLI.
36
+
The default retention period is 90 days, but it is possible to set the retention policy interval to a value from 7 to 90 days through the Azure portal. The purge protection retention policy uses the same interval.
37
37
38
-
Note that this has the following repercussions when creating new vaults after you have soft-deleted them. If you attempt to create soft-deleted vault (or secret within a vault that has the same name), you will recieve an error message. This is due to the fact that we hold the names of that vault or secret until they have officially been purged (which is set by the retention in days paramter).
38
+
Once soft-delete has been set on a key vault it cannot be disabled, and the retention policy interval cannot be changed.
39
39
40
-
Once soft-delete is enababled and saved, it can never be changed for the vault thereafter.
40
+
You cannot reuse the name of a key vault that has been soft-deleted until the retention period has passed.
41
41
42
42
### Purge protection
43
43
44
-
When purge protection is on, a vault or an object in deleted state cannot be purged until the retention period of 90 days (the default value) has passed. These vaults and objects can still be recovered, assuring customers that the retention policy will be followed.
44
+
Purge protection is an optional Key Vault behavior and is **not enabled by default**. It can be turned on via [CLI](key-vault-soft-delete-cli.md#enabling-purge-protection) or [Powershell](key-vault-soft-delete-powershell.md#enabling-purge-protection).
45
45
46
-
It is possible to change the number of retention policy from 7 to 90 days (in the portal). Once this is set and saved, this value can never be changed on that Vault. This will also soon be configurable via PSH and CLI.
46
+
When purge protection is on, a vault or an object in the deleted state cannot be purged until the retention period has passed. Soft-deleted vaults and objects can still be recovered, ensuring that the retention policy will be followed.
47
47
48
-
Purge protection is an optional Key Vault behavior and is **not enabled by default**. It can be turned on via [CLI](key-vault-soft-delete-cli.md#enabling-purge-protection) or [Powershell](key-vault-soft-delete-powershell.md#enabling-purge-protection).
48
+
The default retention period is 90 days, but it is possible to set the retention policy interval to a value from 7 to 90 days through the Azure portal. Once the retention policy interval is set and saved it cannot be changed for that vault.
0 commit comments