
rough-tomato-98795

02/23/2021, 11:52 AM
Hello, is there a way to purge a keyvault secret with azure-nextgen?

brave-planet-10645

02/23/2021, 11:58 AM
How did the secret get added to the vault?

rough-tomato-98795

02/23/2021, 11:59 AM
with new next.keyvault.latest.Secret

brave-planet-10645

02/23/2021, 12:01 PM
Ah and you want it purged permanently? Rather than "soft deleted"?

rough-tomato-98795

02/23/2021, 12:02 PM
exactly

brave-planet-10645

02/23/2021, 12:03 PM
I don't believe you can (although I'll check up on this). You can set the number of days to keep keys around for before they are purged (https://www.pulumi.com/docs/reference/pkg/azure/keyvault/keyvault/#softdeleteretentiondays_nodejs), so you could set that to be 1 day.

rough-tomato-98795

02/23/2021, 12:05 PM
That's too long for our case. And unluckily we don't even have access to the keyvault itself; in our program we just have rights to add and delete secrets.

brave-planet-10645

02/23/2021, 12:07 PM
Another option would be just to delete it using the Azure SDK. So as part of the program, just delete it.

rough-tomato-98795

02/23/2021, 12:08 PM
Yeah, but some kind of hooking into the component lifecycle will be needed then? Something like postDelete => purge with an API call,
or some kind of logic which purges if it exists and does nothing if not can work as well, I guess.

tall-needle-56640

02/23/2021, 2:24 PM
@rough-tomato-98795 If you put the purge in the stack, then it will purge whether or not the secret has been created or deleted.
Can you explain your scenario?