Breaking Change: Soft Delete will be turned on for all key vaults


When a secret is deleted from a key vault without soft-delete protection, the secret is permanently deleted. Users can currently opt-out of soft-delete during key vault creation but, to protect your secrets from accidental or malicious deletion by a user, Microsoft will soon enable soft-delete protection on all key vaults, and users will no longer have the option to opt-out or turn soft-delete off.


By when do I need to take action?

Soft delete will be turned on for all key vaults by the end of the year. To make sure that your applications are not affected, turn on soft-delete on your key vaults as soon as possible.


What will happen if I don’t take any action?

If you do not take any action, soft-delete will automatically be turned on for all of your key vaults at the end of the year. This may result in conflict errors if you attempt to delete a key vault object and recreate it with the same name without purging it from the soft-deleted state first. This may cause your applications or automation to fail.


See the complete details in the documentation here.


Contact us with any questions regarding this change at


0 Replies