
Deleted keyvault with option --enable-soft-delete true does not appear in list of deleted keyvaults


Describe the bug

I create a keyvault with --enable-soft-delete true and then delete this keyvault. The keyvault does not show up in az keyvault list-deleted afterwards, the keyvault can’t be purged with az keyvault purge <kv_name>, and a new keyvault of the same name cannot be created.

To Reproduce

$:~/$ az keyvault list
[]

$:~/$ az keyvault create --name test-kv123123123123 --resource-group $RESOURCE_GROUP_NAME --enabled-for-template-deployment true --enable-soft-delete true
{
  "id": "/subscriptions/<some-guid>/resourceGroups/<my-resource-group>/providers/Microsoft.KeyVault/vaults/test-kv123123123123",
  "location": "norwayeast",
  "name": "test-kv123123123123",
  "properties": {
    "accessPolicies": [
      {
        "applicationId": null,
        "objectId": "<some-guid>",
        "permissions": {
          "certificates": [
            "get",
            "list",
            "delete",
            "create",
            "import",
            "update",
            "managecontacts",
            "getissuers",
            "listissuers",
            "setissuers",
            "deleteissuers",
            "manageissuers",
            "recover"
          ],
          "keys": [
            "get",
            "create",
            "delete",
            "list",
            "update",
            "import",
            "backup",
            "restore",
            "recover"
          ],
          "secrets": [
            "get",
            "list",
            "set",
            "delete",
            "backup",
            "restore",
            "recover"
          ],
          "storage": [
            "get",
            "list",
            "delete",
            "set",
            "update",
            "regeneratekey",
            "setsas",
            "listsas",
            "getsas",
            "deletesas"
          ]
        },
        "tenantId": "<some-guid>"
      }
    ],
    "createMode": null,
    "enablePurgeProtection": null,
    "enableRbacAuthorization": null,
    "enableSoftDelete": true,
    "enabledForDeployment": false,
    "enabledForDiskEncryption": null,
    "enabledForTemplateDeployment": true,
    "networkAcls": null,
    "privateEndpointConnections": null,
    "provisioningState": "Succeeded",
    "sku": {
      "name": "standard"
    },
    "softDeleteRetentionInDays": 90,
    "tenantId": "<some-guid>",
    "vaultUri": "https://test-kv123123123123.vault.azure.net/"
  },
  "resourceGroup": "<my-resource-group>",
  "tags": {},
  "type": "Microsoft.KeyVault/vaults"
}                                                                                                                                                            

$:~/$ az keyvault delete --name test-kv123123123123 --resource-group $RESOURCE_GROUP_NAME --verbose                            
Configured default '<my-resource-group>' for arg resource_group_name
Command ran in 3.691 seconds (init: 0.139, invoke: 3.552)                                                                                                    

$:~/$ az keyvault list-deleted
[]

$:~/$ az keyvault purge --name test-kv123123123123
No deleted vault was found with name test-kv123123123123

$:~/$ az keyvault create --name test-kv123123123123 --resource-group $RESOURCE_GROUP_NAME --enabled-for-template-deployment true --enable-soft-delete false
The property "enableSoftDelete" can be set to false only for creating new vault. Enabling the 'soft delete' functionality is an irreversible action.

Expected behavior

After running az keyvault create --name test-kv123123123123 --resource-group $RESOURCE_GROUP_NAME --enabled-for-template-deployment true --enable-soft-delete true and az keyvault delete --name test-kv123123123123 --resource-group $RESOURCE_GROUP_NAME --verbose, the command az keyvault list-deleted should return a list which includes the recently deleted keyvault, and az keyvault purge --name test-kv123123123123 should purge the deleted keyvault.

Environment summary

Using Azure CLI 2.9.0 on WSL Ubuntu 20.04, Windows 10.

az version                                                                                                               
{
  "azure-cli": "2.9.0",
  "azure-cli-command-modules-nspkg": "2.0.3",
  "azure-cli-core": "2.9.0",
  "azure-cli-nspkg": "3.0.4",
  "azure-cli-telemetry": "1.0.4",
  "extensions": {}
}

Additional context

Issue Analytics

  • State: closed
  • Created 3 years ago
  • Comments: 19 (8 by maintainers)

Top GitHub Comments

2 reactions
techadmin1982 commented, Sep 21, 2020

Hey, same problem … I mean BIG PROBLEM. I am testing the Azure CAF Landing Zones using Terraform. The workflow would try to create a keyvault during the process and later I will destroy the resources. Yesterday I ran it for the first time and it created a KV by the name of Launchpad in my subscription. Later I destroyed the resources and after some time tried running the deployment script again. BOOM … there was an error saying KV with name Launchpad already exists. I went to the portal and manually tried to create one with the same name and got the same error.

Funny thing is, if I am searching (and I am using Cloud Shell running latest v 2.11.1) with az keyvault list-deleted, there is no output. Please can someone help me???

1 reaction
techadmin1982 commented, Sep 22, 2020

Please fix this problem. I now have a new subscription and tenant; however, a keyvault with the name “launchpad” still cannot be created.
