如何永久清除在启用软删除的情况下创建的整个 azure keyvault?
How can I permanently purge an entire azure keyvault that's been created with soft delete enabled?
当您创建启用了软删除的 azure keyvault 时,keyvault 仍然存在,即使您将其删除并从头开始重新创建也是如此。
When soft-delete is enabled, resources marked as deleted resources are retained for a specified period (90 days by default). The service further provides a mechanism for recovering the deleted object, essentially undoing the deletion.
当您尝试通过 UI:
删除密钥库时,您也会收到此错误消息
The soft delete feature has been enabled on this key vault. After you
soft delete this key vault, it will remain in your subscription as a
hidden vault. It will get purged after the retention period you
specified. You may purge it sooner, or restore the vault, using Azure
Portal, Azure PowerShell, or Azure CLI. See this page for reference:
https://docs.microsoft.com/azure/key-vault/key-vault-ovw-soft-delete
这导致我在开发中出现问题。我创建了一个启用软删除(意外)的密钥库,现在我想完全删除该密钥库并使用不同的设置重新创建它。每次我删除它并重新创建它时,它都包含以前的所有设置、密钥等。我也无法创建一个同名的密钥库,并禁用软删除。它抱怨具有该名称的 keyvault 已经存在(VaultAlreadyExists 异常)并且设置不兼容。
keyvault docs on MSDN(Azure 中上述消息中的 link)提到了如何永久清除软删除,但它略显委婉的句子对我没有太大帮助:
Permanently deleting, purging, a key vault is possible via a POST
operation on the proxy resource and requires special privileges.
那么我该如何摆脱这个东西呢?
我后来发现,首先要注意的是 soft delete will be enabled by default by any time now。因此 禁用 的 软删除现在实际上已弃用 。但我还是想彻底删除我的密钥库。
在 azure cli 中做了一些挖掘之后,我偶然发现了 this command:
az keyvault purge --name
[--location]
[--no-wait]
[--subscription]
因此,如果您使用具有足够权限的用户登录 运行,您可以使用以下命令永久删除整个密钥保管库:
az keyvault purge --name keyvaultname
这会永久且不可撤销地删除密钥保管库及其所有密钥和设置。 在 Azure UI 中似乎没有办法在不使用 CLI 或其他工具的情况下执行此操作。 UI 似乎支持此操作] 现在,see here:
- Log in to the Azure portal.
- Click on the search bar at the top of the page.
- Under "Recent Services" click "Key Vault". Do not click an
individual key vault.
- At the top of the screen click the option to "Manage deleted vaults"
- A context pane will open on the right side of your screen.
- Select your subscription.
- If your key vault has been soft deleted it will appear in the
context pane on the right.
- If there are too many vaults, you can either click "Load More" at
the bottom of the context pane or use CLI or PowerShell to get the
results.
- Once you find the vault you wish to recover or purge, select the
checkbox next to it.
- Select the recover option at the bottom of the context pane if you
would like to recover the key vault.
- Select the purge option if you would like to permanently delete the
key vault.
您也可以使用 Az PS。
根据之前的回答,这是假设您对订阅有足够的权限:
Remove-AzKeyVault -VaultName kvname -InRemovedState -Force -Location "Location"
请参阅此内容以供参考:
https://docs.microsoft.com/en-us/powershell/module/az.keyvault/remove-azkeyvault?view=azps-5.7.0
此外,我使用此参考来获取参数的正确顺序,因为我不熟悉开关参数及其去向。
https://github.com/Azure/azure-powershell/issues/14012
当您创建启用了软删除的 azure keyvault 时,keyvault 仍然存在,即使您将其删除并从头开始重新创建也是如此。
When soft-delete is enabled, resources marked as deleted resources are retained for a specified period (90 days by default). The service further provides a mechanism for recovering the deleted object, essentially undoing the deletion.
当您尝试通过 UI:
删除密钥库时,您也会收到此错误消息The soft delete feature has been enabled on this key vault. After you soft delete this key vault, it will remain in your subscription as a hidden vault. It will get purged after the retention period you specified. You may purge it sooner, or restore the vault, using Azure Portal, Azure PowerShell, or Azure CLI. See this page for reference: https://docs.microsoft.com/azure/key-vault/key-vault-ovw-soft-delete
这导致我在开发中出现问题。我创建了一个启用软删除(意外)的密钥库,现在我想完全删除该密钥库并使用不同的设置重新创建它。每次我删除它并重新创建它时,它都包含以前的所有设置、密钥等。我也无法创建一个同名的密钥库,并禁用软删除。它抱怨具有该名称的 keyvault 已经存在(VaultAlreadyExists 异常)并且设置不兼容。
keyvault docs on MSDN(Azure 中上述消息中的 link)提到了如何永久清除软删除,但它略显委婉的句子对我没有太大帮助:
Permanently deleting, purging, a key vault is possible via a POST operation on the proxy resource and requires special privileges.
那么我该如何摆脱这个东西呢?
我后来发现,首先要注意的是 soft delete will be enabled by default by any time now。因此 禁用 的 软删除现在实际上已弃用 。但我还是想彻底删除我的密钥库。
在 azure cli 中做了一些挖掘之后,我偶然发现了 this command:
az keyvault purge --name
[--location]
[--no-wait]
[--subscription]
因此,如果您使用具有足够权限的用户登录 运行,您可以使用以下命令永久删除整个密钥保管库:
az keyvault purge --name keyvaultname
这会永久且不可撤销地删除密钥保管库及其所有密钥和设置。 在 Azure UI 中似乎没有办法在不使用 CLI 或其他工具的情况下执行此操作。 UI 似乎支持此操作] 现在,see here:
- Log in to the Azure portal.
- Click on the search bar at the top of the page.
- Under "Recent Services" click "Key Vault". Do not click an individual key vault.
- At the top of the screen click the option to "Manage deleted vaults"
- A context pane will open on the right side of your screen.
- Select your subscription.
- If your key vault has been soft deleted it will appear in the context pane on the right.
- If there are too many vaults, you can either click "Load More" at the bottom of the context pane or use CLI or PowerShell to get the results.
- Once you find the vault you wish to recover or purge, select the checkbox next to it.
- Select the recover option at the bottom of the context pane if you would like to recover the key vault.
- Select the purge option if you would like to permanently delete the key vault.
您也可以使用 Az PS。 根据之前的回答,这是假设您对订阅有足够的权限:
Remove-AzKeyVault -VaultName kvname -InRemovedState -Force -Location "Location"
请参阅此内容以供参考: https://docs.microsoft.com/en-us/powershell/module/az.keyvault/remove-azkeyvault?view=azps-5.7.0
此外,我使用此参考来获取参数的正确顺序,因为我不熟悉开关参数及其去向。 https://github.com/Azure/azure-powershell/issues/14012