standard
turbot/azure_compliance

Trigger: Detect & correct Key Vaults with purge protection disabled

Detect key vaults with purge protection disabled and then enable purge protection. The query below returns a vault when either soft delete or purge protection is not enabled.

Query

select
  concat(
    vault.id,
    ' [',
    vault.subscription_id,
    '/',
    vault.resource_group,
    ']'
  ) as title,
  vault.id as id,
  vault.name,
  vault.resource_group,
  vault.subscription_id,
  vault._ctx ->> 'connection_name' as conn
from
  azure_key_vault as vault
where
  not (
    soft_delete_enabled
    and purge_protection_enabled
  );
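The following is an added example, not part of the mod: it evaluates the query's `where` predicate over constructed rows in PostgreSQL and sets it beside a NULL-safe variant. It assumes either column can be NULL for a vault, which the page does not state; the vault names are made up.

```sql
-- Constructed sample rows (not real vaults). NULL stands for a property
-- that was not returned for the vault (an assumption for illustration).
with vault (name, soft_delete_enabled, purge_protection_enabled) as (
  values
    ('kv-both-on',         true,  true),
    ('kv-purge-off',       true,  false),
    ('kv-softdelete-off',  false, true),
    ('kv-purge-null',      true,  null),
    ('kv-softdelete-null', null,  true),
    ('kv-off-and-null',    false, null)
)
select
  name,
  soft_delete_enabled,
  purge_protection_enabled,
  -- Predicate as written in the trigger query. Under SQL three-valued
  -- logic it can evaluate to NULL, and a WHERE clause keeps only rows
  -- whose predicate is true, so a NULL result is not reported.
  not (
    soft_delete_enabled
    and purge_protection_enabled
  ) as page_predicate,
  -- NULL-safe variant: any value other than an explicit true is treated
  -- as "not enabled", so the result is always true or false.
  (
    soft_delete_enabled is not true
    or purge_protection_enabled is not true
  ) as null_safe_predicate
from
  vault
order by
  name;
```

Rows where `page_predicate` is NULL but `null_safe_predicate` is true are the ones the trigger would not pick up if the table can return NULL in these columns.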

Schedule

15m

Tags

category = Compliance
plugin = azure
service = Azure/KeyVault