Do expired versions of a certificate get purged from Key Vault?

Time:10-16

Does Azure Key Vault purge expired versions automatically so it does not get returned from get key versions?

Background:

We plan to use Azure Key Vault certificates with a 2 month rotation. So, we will set ValidityInMonths to 2 and RenewAtNumberOfDaysBeforeExpiry to 3 or so. The reason for the short rotation is that it will be used for asymmetric signing.

We need to make the public keys available from an API, so we will call get key versions.

My concern is that the number of versions will keep growing every 2 months.

CodePudding user response:

No, the process is not automatic. To permanently delete a secret, first a user must delete the object, which puts it into the soft-deleted state. Second, a user must purge the object in the soft-deleted state. The purge operation requires additional access policy permissions.

Note: Soft delete is enabled by default.

You can find more information here: Azure Key Vault soft-delete overview
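Since expired versions stay listed (and delete/purge applies to the whole key object rather than to a single version), the practical answer to the concern in the question is to filter versions client-side before exposing public keys from the API. The example below is added here and is not code from the question, the answer, or the Azure SDK. It assumes the azure-keyvault-keys SDK, where `KeyClient.list_properties_of_key_versions(name)` yields `KeyProperties` objects carrying `version`, `enabled`, `not_before` and `expires_on`; the `FakeKeyProperties` dataclass is a constructed stand-in with only those attributes so the filter runs offline, and `sample_versions` constructs a version history shaped like the 2 month / 3 day auto-renewal schedule from the question.

```python
# Added example, not from the page or the Azure SDK: keep only the key
# versions that should be published for signature verification.
# Assumption: the real SDK's KeyProperties objects expose the same attribute
# names used here (version, enabled, not_before, expires_on), so the output of
# KeyClient.list_properties_of_key_versions("signing-key") can be passed to
# usable_versions() unchanged.
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Iterable, List, Optional


@dataclass
class FakeKeyProperties:
    """Constructed stand-in mirroring the SDK attributes the filter reads."""
    version: str
    enabled: Optional[bool]
    not_before: Optional[datetime]
    expires_on: Optional[datetime]


# Constructed reference time and a schedule approximating the question's
# ValidityInMonths = 2 and RenewAtNumberOfDaysBeforeExpiry = 3.
NOW = datetime(2024, 10, 16, tzinfo=timezone.utc)
VALIDITY = timedelta(days=61)
RENEW_BEFORE = timedelta(days=3)


def sample_versions(now: datetime = NOW, count: int = 4) -> List[FakeKeyProperties]:
    """Construct `count` versions the way auto-renewal produces them: each new
    version is created RENEW_BEFORE ahead of the previous version's expiry, so
    the history grows by one version per rotation and nothing is removed."""
    step = VALIDITY - RENEW_BEFORE
    created = now - (count - 1) * step
    versions = []
    for i in range(count):
        versions.append(FakeKeyProperties(
            version=f"v{i + 1}",
            enabled=True,
            not_before=created,
            expires_on=created + VALIDITY,
        ))
        created += step
    return versions


def usable_versions(props: Iterable[FakeKeyProperties],
                    now: Optional[datetime] = None,
                    grace: timedelta = timedelta(0)) -> List[FakeKeyProperties]:
    """Return the versions worth publishing as verification keys.

    Drops versions that are explicitly disabled and versions whose expiry
    (plus `grace`) has passed. `grace` covers the edge case where a token was
    signed shortly before rotation and verifiers still need the old public key
    for the token's remaining lifetime; set it to the longest token lifetime.
    Versions with no expiry set are kept. Versions that are not yet valid are
    kept too: publishing the next key early lets verifiers pre-cache it.
    """
    now = now or datetime.now(timezone.utc)
    keep = []
    for p in props:
        if p.enabled is False:
            continue
        if p.expires_on is not None and p.expires_on + grace <= now:
            continue
        keep.append(p)
    return keep


if __name__ == "__main__":
    history = sample_versions()
    print("all versions listed by Key Vault:", [p.version for p in history])
    print("publishable now:", [p.version for p in usable_versions(history, now=NOW)])
    print("publishable with 60-day grace:",
          [p.version for p in usable_versions(history, now=NOW, grace=timedelta(days=60))])
```

With the 4-version constructed history, only the two newest versions are still within validity at `NOW`; the 60-day grace additionally retains the version that expired 55 days earlier. If the listing itself should shrink, the SDK's `update_key_properties(name, version, enabled=False)` can mark old versions disabled, which this filter then excludes, but the version still appears in the list, which matches the answer above.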
