No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

How did the secret get added to the vault?

Ah and you want it purged permanently? Rather than "soft deleted"?

I don't believe you can (although I'll check up on this). You can set the number of days to keys around for before they are purged (<https://www.pulumi.com/docs/reference/pkg/azure/keyvault/keyvault/#softdeleteretentiondays_nodejs>) so you could set that to be 1 day.

thats too long for our case. and unluckily we dont even have access to keyvault itself, in our program we just have rights to add and delete secrets

Another option would be just to delete it using the azure SDK. So as part of the program just delete it

<https://docs.microsoft.com/en-us/rest/api/keyvault/purgedeletedsecret/purgedeletedsecret>

or <https://docs.microsoft.com/en-us/dotnet/api/overview/azure/security.keyvault.secrets-readme-pre>

yeah, but some kind of hooking on component lifecycle will be needed then? Something like postDelete =&gt; purge with api call

or some kind of logic which purge if exists and do nothing if not can work as well i guess

<@UTF6UGW4B> If you put the purge in the stack, then it will purge whether or not the secret has been created or deleted.