1. Log in to the Azure portal (https://portal.azure.com).
2. Navigate to the Key Vault that needs to be remediated.
3. Click on the “Properties” tab.
4. Scroll down to the “Soft delete” section and click on the “Configure” button.
5. In the “Soft delete” blade, toggle the “Recoverable” switch to the “On” position.
6. Set the “Retention period” to the desired number of days.
7. Click on the “Save” button to save the changes.
8. Once the changes are saved, the Key Vault will have recoverability enabled.

​

1. Open the AZURE CLI on your local machine or use the AZURE Cloud Shell.
2. Login to your AZURE account using the following command:

az login

3. Once you are logged in, set the subscription where your Key Vault is located using the following command:

az account set --subscription <subscription_id>

4. Next, enable soft delete for the Key Vault using the following command:

az keyvault update --name <key_vault_name> --resource-group <resource_group_name> --enable-soft-delete true

5. Finally, enable purge protection for the Key Vault using the following command:

az keyvault update --name <key_vault_name> --resource-group <resource_group_name> --enable-purge-protection true

1. First, you need to install the azure-mgmt-keyvault package. You can do this by running the following command:
   Copy

   Ask AI

   pip install azure-mgmt-keyvault
   

2. Next, you need to authenticate with Azure. You can do this by creating a ServicePrincipalCredentials object and passing in your Azure credentials:
   Copy

   Ask AI

   from azure.common.credentials import ServicePrincipalCredentials
   
   credentials = ServicePrincipalCredentials(
       client_id='<your-client-id>',
       secret='<your-client-secret>',
       tenant='<your-tenant-id>'
   )
   

3. Once you’re authenticated, you can create a KeyVaultManagementClient object and use it to enable recoverability:
   Copy

   Ask AI

   from azure.mgmt.keyvault import KeyVaultManagementClient
   from azure.mgmt.keyvault.models import VaultCreateOrUpdateParameters, VaultProperties, Sku, SkuName, AccessPolicyEntry, Permissions, SecretPermissions, StoragePermissions
   
   # Create the KeyVaultManagementClient object
   client = KeyVaultManagementClient(credentials, '<your-subscription-id>')
   
   # Get the resource group and vault names
   resource_group_name = '<your-resource-group-name>'
   vault_name = '<your-vault-name>'
   
   # Get the existing vault properties
   vault = client.vaults.get(resource_group_name, vault_name)
   
   # Enable recoverability
   vault.properties.enable_soft_delete = True
   vault.properties.enable_purge_protection = True
   
   # Update the vault
   parameters = VaultCreateOrUpdateParameters(
       location=vault.location,
       properties=vault.properties,
       sku=Sku(name=SkuName.standard)
   )
   client.vaults.create_or_update(resource_group_name, vault_name, parameters)
   

   This code will enable both soft delete and purge protection for the specified Key Vault.
4. Finally, you can verify that recoverability has been enabled by checking the enable_soft_delete and enable_purge_protection properties of the vault:
   Copy

   Ask AI

   # Get the updated vault properties
   vault = client.vaults.get(resource_group_name, vault_name)
   
   # Check that recoverability is enabled
   if vault.properties.enable_soft_delete and vault.properties.enable_purge_protection:
       print('Recoverability has been enabled for the Key Vault')
   else:
       print('Failed to enable recoverability for the Key Vault')