TF 0027 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Key vault should have purge protection enabled
| Property | Value |
|---|---|
| Language | |
| Severity | |
| Service | keyvault |
| Provider | Azure |
| Vulnerability Type | omission |
Description
The Key Vault resource is missing purge protection, allowing deleted keys and secrets to be permanently removed without the possibility of recovery. This configuration bypasses safeguards intended to prevent accidental or malicious data loss.
Impact
Without purge protection, attackers or unauthorized users with sufficient permissions could permanently delete cryptographic keys or secrets, leading to irreversible loss of access to encrypted resources, service outages, or compromise of critical business processes.
Resolution
Enable purge protection for key vaults
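As an added example (not code from the Symbiotic database or any Azure project), the omission as it appears in a Terraform `azurerm_key_vault` resource, beside the remediated form; the vault names, resource group and tenant id are constructed placeholders:

```hcl
# Vulnerable: purge_protection_enabled is omitted and defaults to false, so a
# principal holding the "Purge" permission can permanently delete a
# soft-deleted key or secret before the retention period has elapsed.
resource "azurerm_key_vault" "vulnerable" {
  name                = "example-kv-vulnerable"                  # placeholder
  location            = "eastus"
  resource_group_name = "example-rg"                             # placeholder
  tenant_id           = "00000000-0000-0000-0000-000000000000"   # placeholder
  sku_name            = "standard"
  # purge_protection_enabled not set -> false
}

# Remediated: purge protection is on, so soft-deleted objects can only be
# recovered, not purged, until the retention window (7-90 days) expires.
# Note that once enabled, purge protection cannot be switched off again
# for this vault; treat it as a one-way setting.
resource "azurerm_key_vault" "remediated" {
  name                       = "example-kv-remediated"           # placeholder
  location                   = "eastus"
  resource_group_name        = "example-rg"                      # placeholder
  tenant_id                  = "00000000-0000-0000-0000-000000000000"  # placeholder
  sku_name                   = "standard"
  soft_delete_retention_days = 90
  purge_protection_enabled   = true
}
```

For an existing vault, the same state is verified with `az keyvault show --name <vault> --query properties.enablePurgeProtection` and applied with `az keyvault update --name <vault> --enable-purge-protection true`.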