How to disable soft delete in Key Vault Terraform

I'm trying to disable soft delete on a key vault, but I can't. Here is my Terraform code:

provider "azurerm" {
  features {
    key_vault {
      # Purge the soft-deleted vault on `terraform destroy` so the name can be reused
      purge_soft_delete_on_destroy = true
    }
  }
}

# Tenant of the identity Terraform is running as; used for the vault's tenant_id
data "azurerm_client_config" "current" {}

resource "azurerm_resource_group" "example" {
  name     = "example-resources"
  location = "West Europe"
}

resource "azurerm_key_vault" "example" {
  name                        = "examplekeyvault"
  location                    = azurerm_resource_group.example.location
  resource_group_name         = azurerm_resource_group.example.name
  enabled_for_disk_encryption = true
  tenant_id                   = data.azurerm_client_config.current.tenant_id
  sku_name                    = "standard" # required by the provider; was missing
  # Recovery window for soft-deleted objects; 7 is the minimum the API accepts
  soft_delete_retention_days  = 7
  purge_protection_enabled    = false
}

Terraform has officially deprecated the soft_delete_enabled field. This PR shows the field being deprecated starting with AzureRM version 2.42.

Data Source: azurerm_key_vault - deprecating the field soft_delete_enabled (and conditionally removing this should 3.0 mode be enabled)

Resource: azurerm_key_vault - deprecating the field soft_delete_enabled and defaulting this to true (conditionally removing this should 3.0 mode be enabled). Notably this PR removes the error when attempting to disable/enable this - but since this is hard-coded to true in the Read function, operators can update their configurations (or remove the field) to clear this diff.

I was also able to verify this in an older version of the AzureRM provider, where I found this:

As of 2020-12-15 Azure now requires that Soft Delete is enabled on Key Vaults and this can no longer be disabled. Version v2.42 of the Azure Provider and later ignore the value of the soft_delete_enabled field and force this value to be true - as such this field can be safely removed from your Terraform Configuration. This field will be removed in version 3.0 of the Azure Provider.

Microsoft also mentions that opting out of soft delete is deprecated and will be fully disabled in February 2025.

If a secret is deleted and the key vault does not have soft-delete protection, it is deleted permanently. Although users can currently opt out of soft-delete during key vault creation, this ability is deprecated. In February 2025, Microsoft will enable soft-delete protection on all key vaults, and users will no longer be able to opt out of or turn off soft-delete. This will protect secrets from accidental or malicious deletion by a user.

As long as you are using a recent version of Terraform, soft delete should be enabled by default. There is no longer a field to control it, because the Azure API has deprecated it.

If you really want to disable soft delete, you would need to use an older version of the Terraform AzureRM provider - any version lower than 2.42.
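For reference, here is an added example configuration (not part of the question or the answer above, and not the provider's own documentation) of what a vault definition looks like once you accept that soft delete stays on: the provider is pinned to 3.x, where soft_delete_enabled no longer exists, and the only knobs left are the retention window and purge protection. The resource names, the retention value and the feature flag recover_soft_deleted_key_vaults are assumptions chosen for illustration.

```hcl
terraform {
  required_providers {
    azurerm = {
      source = "hashicorp/azurerm"
      # 3.x: soft_delete_enabled has been removed; soft delete is always on.
      # Pinning to "< 2.42" would bring the field back on the Terraform side only:
      # per the changelog quoted above, Azure has required soft delete since 2020-12-15.
      version = "~> 3.0"
    }
  }
}

provider "azurerm" {
  features {
    key_vault {
      # Purge the soft-deleted vault on destroy so the name is immediately reusable
      purge_soft_delete_on_destroy = true
      # Assumption for this example: if a vault with this name is sitting in the
      # soft-deleted state, recover it on create instead of failing with a name clash
      recover_soft_deleted_key_vaults = true
    }
  }
}

data "azurerm_client_config" "current" {}

resource "azurerm_resource_group" "example" {
  name     = "example-resources"
  location = "West Europe"
}

resource "azurerm_key_vault" "example" {
  name                        = "examplekeyvault"
  location                    = azurerm_resource_group.example.location
  resource_group_name         = azurerm_resource_group.example.name
  tenant_id                   = data.azurerm_client_config.current.tenant_id
  sku_name                    = "standard"
  enabled_for_disk_encryption = true

  # Soft delete cannot be switched off; the recovery window (7 to 90 days) is the
  # only part you control. 7 keeps deleted names recyclable quickly; 90 maximises
  # the window for recovering from an accidental or malicious delete.
  soft_delete_retention_days = 7

  # Hardened counterpart of the question's purge_protection_enabled = false:
  # with purge protection on, nobody (not even an Owner) can permanently purge
  # the vault or its objects before the retention window has elapsed.
  # Caveat: once enabled, purge protection cannot be turned back off on that vault.
  purge_protection_enabled = true
}
```

If you must keep purge_protection_enabled = false (for example on throwaway test vaults), purge_soft_delete_on_destroy in the provider features block is the supported way to get the "delete means gone" behaviour the question is after, because it issues an explicit purge after the delete rather than trying to disable the safety net itself.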