How to resolve Sprinto check to ensure key vaults are recoverable
About:
Sprinto check: Ensure the Key Vault is Recoverable
The above-mentioned Sprinto check verifies that the recovery option is enabled for your Azure Key Vaults. The recovery option allows you to recover a deleted Key Vault and its contents within a specified retention period, protecting against accidental or malicious deletion.
Purpose:
This check ensures that you have a safeguard in place to recover your Key Vaults and their contents in case of accidental or malicious deletion. By enabling the recovery option, you can mitigate the risk of data loss and ensure the availability of your cryptographic keys, secrets, and certificates, even if the Key Vault is deleted.
How to fix this check:
Follow the steps below to resolve this check:
Before you begin
Ensure you have administrator privileges to manage Azure Key Vault settings.
Enabling Key Vault Recovery
Log in to the Azure portal using your credentials.
Navigate to the Key Vaults service.
Select the key vault from the list to review the configuration.
Click on Properties under Settings from the left-side navigation bar.
Ensure you have the following configuration status:
Soft-delete: Soft delete is enabled on this key vault
Purge protection: Enabled purge protection. If it is disabled, you can enable it and save the changes.
Repeat the above steps for all key vaults that store critical organizational data.
Sprinto will detect the configuration change and set the check status to "Passing."
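The two settings reviewed in the portal steps above can also be checked in bulk. This is an added example, not Sprinto's or Microsoft's code: it applies the same two conditions to Key Vault JSON in the shape `az keyvault show` returns. The vault names and values are constructed, and treating a null or missing flag as "not enabled" is an assumption.

```python
import json

# Constructed sample: trimmed `az keyvault show --name <vault-name>` output
# for three hypothetical vaults (names and values are made up).
SAMPLE_VAULTS = json.loads("""
[
  {"name": "kv-prod-example",
   "properties": {"enableSoftDelete": true, "enablePurgeProtection": true,
                  "softDeleteRetentionInDays": 90}},
  {"name": "kv-dev-example",
   "properties": {"enableSoftDelete": true, "enablePurgeProtection": null,
                  "softDeleteRetentionInDays": 7}},
  {"name": "kv-legacy-example",
   "properties": {"enableSoftDelete": null}}
]
""")


def vault_findings(vault):
    """Return the recoverability gaps for one vault (empty list = recoverable)."""
    props = vault.get("properties") or {}
    findings = []
    # Only an explicit true counts. A null or missing flag is treated as
    # "not enabled" (assumption: the conservative reading for older vaults).
    if props.get("enableSoftDelete") is not True:
        findings.append("soft-delete not enabled")
    if props.get("enablePurgeProtection") is not True:
        findings.append("purge protection not enabled")
    return findings


def audit(vaults):
    """Map each vault name to its list of findings."""
    return {v.get("name", "<unnamed>"): vault_findings(v) for v in vaults}


def failing(vaults):
    """Sorted names of vaults that still need changes in the portal."""
    return sorted(name for name, gaps in audit(vaults).items() if gaps)


if __name__ == "__main__":
    for name, gaps in audit(SAMPLE_VAULTS).items():
        print(f"{name}: {'PASS' if not gaps else 'FAIL - ' + ', '.join(gaps)}")
```

To run it against real vaults, replace `SAMPLE_VAULTS` with a list built from the `az keyvault show` output of each vault in scope.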
Contact Sprinto support if you have any queries related to the check or need assistance.