Azure key vault creation error: VaultAlreadyExists - I can't find the existing vault

I am trying to create a key vault in Azure with this CLI command...

az keyvault create --location $location --name $keyVaultName --resource-group $resourceGroupMainName --output none

But this returns the error...

(VaultAlreadyExists) The vault name '[value of $keyVaultName]' is already in use. Vault names are globaly unique so it is possible that the name is already taken. If you are sure that the vault name was not taken then it is possible that a vault with the same name was recently deleted but not purged after being placed in a recoverable state. If the vault is in a recoverable state then the vault will need to be purged before reusing the name. For more information on soft delete and purging a vault follow this link https://go.microsoft.com/fwlink/?linkid=2147740.

So I ran these two...

az keyvault list
az keyvault list-deleted

and $keyVaultName does not appear in either list. I have asked a colleague to double-check these results, and it really is not there. I also looked at the "Manage deleted vaults" blade in the portal, and it matches the CLI results - it is not there.

I also tried to recover a key vault with that name...

(DeletedVaultNotFound) The specified deleted vault '[value of $keyVaultName]' does not exist.

...and then to purge a key vault with that name...

No deleted Vault or HSM was found with name [value of $keyVaultName]

So why does Azure think the name is already in use?

As mentioned in the comments, key vault names, like storage account names in Azure, are globally unique. You can see a similar error code in the docs:

Your attempt to create a new key vault with the specified name has failed since the name is already in use. If you recently deleted a key vault with this name, it may still be in the soft deleted state

Vault names and Managed HSM pool names are selected by the user and are globally unique.

You can use PowerShell or the REST API to verify whether it exists.

When you create an Azure Key Vault, soft delete is enabled by default. This helps customers recover accidentally deleted keys and secrets within 90 days (the default), and during that period you cannot use the same name.

Once soft delete is enabled for an Azure Key Vault, you cannot disable it, because it is implemented as a one-way operation that cannot be changed back once enabled. However, you can use the PowerShell cmdlet Remove-AzureRmKeyVault with the -InRemovedState option, together with the -Location parameter, to permanently delete or purge the Azure Key Vault. If you want to permanently delete a key or secret, you need to use Remove-AzureKeyVaultKey or Remove-AzureKeyVaultSecret with the -InRemovedState parameter. For details, refer to How to use Key Vault soft-delete with PowerShell.

You can also achieve the same thing with the Azure CLI. See How to use Key Vault soft-delete with CLI for details.
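The check the answer describes, carried through as an added example (this is not code from the question or the answers above). It assumes a logged-in Azure CLI with a default subscription; the function names classify_vault_name, gather_evidence and check_vault_name are hypothetical. Besides the two subscription-scoped listings the asker already ran, it calls the Key Vault checkNameAvailability REST operation through az rest, which is the one call that answers for the whole service and therefore sees vaults (live or soft-deleted) owned by subscriptions and tenants you cannot list:

```shell
#!/usr/bin/env sh
# Added example, not part of the original Q&A. Requires: az CLI, logged in.
set -eu

# classify_vault_name: turn three pieces of evidence into one verdict.
#   $1  "yes"/"no"      name appears in `az keyvault list` (live, this subscription)
#   $2  "yes"/"no"      name appears in `az keyvault list-deleted` (soft-deleted, this subscription)
#   $3  "true"/"false"  nameAvailable from the checkNameAvailability call
#   $4  reason from that call ("AlreadyExists", "AccountNameInvalid" or empty)
# The subscription-scoped checks come first because checkNameAvailability also
# returns false for your own vaults; the global check only explains what is left.
classify_vault_name() {
  in_sub=$1; in_deleted=$2; avail=$3; reason=$4
  if [ "$in_sub" = yes ]; then
    echo "live-in-subscription"          # you already own it: reuse it or delete it
  elif [ "$in_deleted" = yes ]; then
    echo "soft-deleted-in-subscription"  # recover it, or purge it to free the name
  elif [ "$avail" = true ]; then
    echo "available"                     # create should succeed now; retry it
  elif [ "$reason" = AccountNameInvalid ]; then
    echo "invalid-name"                  # fails naming rules, not a collision
  else
    echo "taken-globally"                # held by a subscription/tenant you cannot see
  fi
}

# gather_evidence: run the real CLI calls and print the four fields on one line.
gather_evidence() {
  name=$1
  n_live=$(az keyvault list --query "length([?name=='$name'])" -o tsv)
  n_deleted=$(az keyvault list-deleted --query "length([?name=='$name'])" -o tsv)
  # az rest substitutes {subscriptionId} with the current subscription.
  url="https://management.azure.com/subscriptions/{subscriptionId}/providers/Microsoft.KeyVault/checkNameAvailability?api-version=2022-07-01"
  body="{\"name\":\"$name\",\"type\":\"Microsoft.KeyVault/vaults\"}"
  # tsv prints the two fields tab-separated; reason is empty when the name is free.
  set -- $(az rest --method post --url "$url" --body "$body" \
           --query "[nameAvailable, reason]" -o tsv | tr 'A-Z' 'a-z')
  avail=${1:-false}; reason=${2:-}
  in_sub=no;     [ "$n_live" != 0 ]    && in_sub=yes
  in_deleted=no; [ "$n_deleted" != 0 ] && in_deleted=yes
  echo "$in_sub $in_deleted $avail $reason"
}

# check_vault_name NAME [LOCATION]: print the verdict and the matching next step.
check_vault_name() {
  name=$1; location=${2:-}
  # shellcheck disable=SC2046  # intentional word splitting of the evidence line
  verdict=$(classify_vault_name $(gather_evidence "$name"))
  echo "$name: $verdict"
  case $verdict in
    soft-deleted-in-subscription)
      echo "  recover: az keyvault recover --name $name"
      echo "  or free the name: az keyvault purge --name $name --location ${location:-<location>}" ;;
    taken-globally)
      echo "  choose another name; a vault you cannot see holds this one" ;;
    available)
      echo "  retry: az keyvault create --name $name --location ${location:-<location>} --resource-group <rg>" ;;
  esac
}

# Run only when given a name, so the functions can also be sourced for reuse.
if [ "${1:-}" ]; then
  check_vault_name "$1" "${2:-}"
fi
```

Run it as `sh check-vault-name.sh "$keyVaultName" "$location"`. In the situation the question describes, where both listings are empty but creation still fails with VaultAlreadyExists, the expected verdict is taken-globally: the name is held, live or soft-deleted, by another subscription or tenant, and no recover or purge from your side can release it.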

I found a simpler way: through the UI, you can see whether a deleted key vault exists on the key vault management page. After clicking the 'manage deleted vaults' hyperlink, I was able to select and purge or recover the deleted key vault.