Introduction
Accidentally deleting an Azure Key Vault can feel like a heart-stopping moment—especially when it holds secrets, certificates, and keys critical to your applications. Thankfully, Azure Key Vault comes with built-in safeguards like Soft Delete and Purge Protection, giving you a safety net when mistakes happen. In this article, we’ll walk through exactly how to recover a deleted Key Vault using both Azure CLI and the Azure Portal, along with important considerations and best practices to make sure your vaults stay protected. Whether you’re dealing with an unexpected deletion or simply preparing for disaster recovery scenarios, this guide will help you restore your vault quickly and confidently.
Soft-Delete and Retention
Soft-delete is a protective feature in Azure Key Vault designed to prevent accidental loss of critical secrets, keys, or certificates. When a Key Vault is deleted, it isn’t removed permanently. Instead, it transitions into a “soft-deleted” state and remains recoverable for a specified retention period.
By default, Azure retains deleted Key Vaults for 90 days. During this window, you have the option to either restore the vault or permanently purge it from your environment.
Recover a Deleted Azure Key Vault
Using Azure CLI
If you prefer the command-line approach, Azure CLI provides a fast and efficient way to recover a deleted Key Vault. Simply run the following command to restore your vault:
az keyvault recover --name <your-vault-name>
Using Azure Portal
If you’re more comfortable with the Azure Portal, you can recover your Key Vault in just a few clicks:
Open the Azure Portal.
In the top search bar, search for Key Vaults.
From the toolbar, select Manage deleted vaults.
Find the vault you previously deleted.
Click the vault, then select Recover.
Azure will take care of the rest—your Key Vault and all of its contents will be restored automatically.
Summary
Azure Key Vault offers a secure and reliable way to store your secrets, keys, and certificates—and thanks to soft-delete, it also protects you from accidental deletions. If a vault is ever removed unintentionally, there’s no need to worry. With a clear understanding of the recovery process, you can quickly restore your Key Vault and keep your applications, secrets, and services running safely and without interruption.