Tags: azure, powershell, azure-keyvault, runbook

Write a PowerShell script using a runbook to enable the soft delete option for all key vaults in an automated way


As per my understanding, key vault names are globally unique, and so are secrets, so I won't be able to reuse a key vault that exists in the soft-deleted state. I have multiple key vaults, and after deleting multiple key vaults they move to the soft-deleted state.

I want to enable the soft delete option automatically, so if someone comes and accidentally deletes my key vault I am able to grant the access permissions to recover the secrets. I cannot go to the portal every time and enable the soft delete option for the key vault manually; I want this done in an automated way.

How can we write the playbook using PowerShell to automate the soft delete option for all key vaults? I have searched the net and found this Microsoft document but did not get any information related to automating this to get the results.

Can anyone help me do this? I will really appreciate it.

Thanks in advance and have a good day with a nice answer :)


Solution

  • I tried to create the runbook using PowerShell for key vaults in my environment and got the results below.

    I created the automation account to use the runbook.

    Created the runbook and wrote the PowerShell script for soft delete:

        # Soft delete state for a single vault
        Connect-AzAccount
        Get-AzKeyVault -VaultName "XXXXXX"
        # Look up the Recovery Services vault and keep only its resource id
        $vaultId = (Get-AzRecoveryServicesVault -Name "recovery-services" -ResourceGroupName 'XXXXX').Id
        # Read the soft delete feature state of that vault
        (Get-AzRecoveryServicesVaultProperty -VaultId $vaultId).SoftDeleteFeatureState


        # Soft delete state for multiple vaults
        $vaults = Get-AzRecoveryServicesVault
        foreach ($vault in $vaults) {
            $properties = Get-AzRecoveryServicesVaultProperty -VaultId $vault.Id
            if ($properties.SoftDeleteFeatureState -eq 'Enabled') {
                Write-Host "Soft delete option is enabled" $properties.SoftDeleteFeatureState "for" $vault.Name "`n" `
                    -ForegroundColor Green
            } else {
                # Report the vaults that still need soft delete turned on
                Write-Host "Soft delete option is not enabled" $properties.SoftDeleteFeatureState "for" $vault.Name "`n" `
                    -ForegroundColor Red
            }
        }
    

    Saved and published my script, then ran it; when I checked the job it had succeeded and the status was running.

    When I checked the key vault, soft delete had been enabled automatically.

    Added a schedule so it runs automatically for a particular period of time.
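As an added example that is not part of the question or the answer above: a runbook body that walks every key vault the job identity can see with the Az.KeyVault cmdlets, turns soft delete on where it is still off, and emits a per-vault record for the job output. It assumes the automation account uses a system-assigned managed identity that holds write rights on the vaults (assumption), and that Az.Accounts and Az.KeyVault are imported into the account.

```powershell
# Added example (not the original poster's script).
# Assumptions: the Automation account has a system-assigned managed identity
# with Microsoft.KeyVault/vaults/write on the target vaults, and the
# Az.Accounts and Az.KeyVault modules are imported into the account.
$ErrorActionPreference = 'Stop'

# Sign in with the runbook's managed identity; no credentials are stored in the runbook.
Connect-AzAccount -Identity | Out-Null

function Enable-KeyVaultSoftDelete {
    # Returns one record per vault so the job output doubles as an audit trail.
    $report = @()
    # Get-AzKeyVault without -VaultName only lists vaults; EnableSoftDelete is
    # exposed when the vault is fetched by name, so each one is read again.
    foreach ($item in Get-AzKeyVault) {
        $vault = Get-AzKeyVault -VaultName $item.VaultName -ResourceGroupName $item.ResourceGroupName
        if ($vault.EnableSoftDelete) {
            $state = 'already enabled'
        } else {
            # Soft delete is a one-way switch; it keeps deleted vaults and secrets recoverable.
            Update-AzKeyVault -VaultName $vault.VaultName `
                              -ResourceGroupName $vault.ResourceGroupName `
                              -EnableSoftDelete | Out-Null
            $state = 'enabled now'
        }
        $report += [pscustomobject]@{
            VaultName       = $vault.VaultName
            ResourceGroup   = $vault.ResourceGroupName
            SoftDelete      = $state
            # Purge protection is reported, not changed: it blocks permanent deletion
            # during the retention window and is a separate decision.
            PurgeProtection = [bool]$vault.EnablePurgeProtection
        }
    }
    return $report
}

Enable-KeyVaultSoftDelete | Format-Table -AutoSize
```

Scheduling this runbook in the automation account makes newly created vaults that were left without soft delete get fixed on the next run, and the table in the job output shows which vaults were changed.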