KeyVaults, especially with the new softDelete protection are becoming the bane of my existence.. If I protect keyvault, I have to pass the URN of 20+ other resources to delete them (note: I still want the "--exclude-protected" flag on

pulumi destroy

), if I do choose to delete the keyvault, I can't recreate the same one because it's softDeleted and therefore "still there" (nevermind that the RG is gone..). So I have to create just the RG, then restore the keyvault into the rg - but now if I try to create the keyvault in pulumi (exact same) I can't because obviously it exists - and I can't refresh because it's not in the state.. so I have to use pulumi import azure-native:keyvault:Vault (vaultname) (vaultname).. and that doesn't even work because resource (vaultname) does not exist.. 😕

If those are temporary stacks, why not auto-name the KeyVault with a random name?

it's temporary on its way to permanence.. I do realize that I should be doing this in a "throwaway" configuration, but it's also for testing reproducability and recovery and suchlike

You could also purge old keyvaults (outside Pulumi)