Unable to recover Azure Key Vault; it has soft-delete enabled


Unfortunately, my ARM template deployment (using an Azure DevOps service connection which has subscription-level access) deleted an Azure Key Vault which has soft-delete enabled with a 90-day period, but we cannot recover it from the portal or Azure CLI. It shows an empty array [].

Note: when we try to re-create the Key Vault with the same name, it says the Key Vault is in a soft-deleted state, so we can't create one with the same name.

How do I recover my Key Vault?


There are 1 answers

Arko On

If you have enabled soft-delete for your Azure Key Vault, you should be able to recover it within the retention period (90 days by default). Here are the steps you can follow to recover your Key Vault:

First, verify whether you have enabled soft-delete on your Key Vault via the portal or CLI:

az keyvault show --subscription <your-subscription-id> -g <Your-resource-group-name> -n <your-vault-name>


If yes, and if you have deleted it, then you can list it from the portal or CLI:

az keyvault list-deleted

or under key-vault -> manage deleted keyvaults in the portal.

If it is listed there, click on it and you can recover it, or recover it from the CLI:

az keyvault recover --name <key-vault-name> --location <key-vault-location>

Since you mentioned that you are unable to create a new Key Vault with the same name, you may need to wait until the retention period for soft-delete has expired before you can create a new Key Vault with the same name.

These are the overall steps to recover your vault. If you are still unable to recover it this way, then below are the checks you need to do:

Ensure that your Azure DevOps service connection has sufficient permissions to manage Key Vaults in the specified subscription. Check the RBAC (Role-Based Access Control) settings for the service connection. You should have Key Vault Contributor or Administrator enabled, and the vault you are trying to recover must not have passed the retention period.

Reference documents: MS Doc
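
An added example, not part of the answer above or of Microsoft's documentation: the answer's list and recover steps as one script. `az keyvault list-deleted` only looks in the CLI's active subscription unless `--subscription` is given, so the script checks every subscription the signed-in identity can see and reports any it cannot read. The function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the answer). Function names are illustrative; the az
# subcommands are the ones the answer uses, plus `az account list`.

# Accept only legal vault names (3-24 chars: letters, digits, hyphens) so the
# name is safe to place inside the JMESPath filter below.
valid_vault_name() {
    case "$1" in
        *[!A-Za-z0-9-]*) return 1 ;;   # rejects quotes, spaces and newlines
    esac
    printf '%s\n' "$1" | grep -Eq '^[A-Za-z][A-Za-z0-9-]{1,22}[A-Za-z0-9]$'
}

# Print "<subscription-id> <location> <scheduled-purge-date>" for every
# soft-deleted vault with this name that the signed-in identity can see.
find_deleted_vault() {
    valid_vault_name "$1" || { echo "invalid vault name: $1" >&2; return 2; }
    fdv_query="[?name=='$1'].[properties.location, properties.scheduledPurgeDate]"
    for fdv_sub in $(az account list --query "[].id" -o tsv); do
        # A failure here may mean the identity lacks permission to read
        # deleted vaults in that subscription; report it instead of hiding it.
        fdv_rows=$(az keyvault list-deleted --subscription "$fdv_sub" \
            --resource-type vault --query "$fdv_query" -o tsv) || {
            echo "cannot list deleted vaults in $fdv_sub" >&2
            continue
        }
        printf '%s\n' "$fdv_rows" |
        while IFS="$(printf '\t')" read -r fdv_loc fdv_purge; do
            if [ -n "$fdv_loc" ]; then
                printf '%s %s %s\n' "$fdv_sub" "$fdv_loc" "$fdv_purge"
            fi
        done
    done
    return 0
}

# Recover the vault in the subscription and location where it was found.
recover_deleted_vault() {
    rdv_hits=$(find_deleted_vault "$1") || return $?
    if [ -z "$rdv_hits" ]; then
        echo "no soft-deleted vault named $1 in any visible subscription" >&2
        return 1
    fi
    read -r rdv_sub rdv_loc rdv_purge <<EOF
$rdv_hits
EOF
    echo "recovering $1 in $rdv_loc ($rdv_sub); purge scheduled $rdv_purge" >&2
    az keyvault recover --name "$1" --location "$rdv_loc" --subscription "$rdv_sub"
}
```

After `az login`, source the file and run `recover_deleted_vault <key-vault-name>`; the messages on stderr show which subscription held the vault and when it is scheduled to be purged.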