Non-Recoverable Resources

[TonyWildish-BH]

The penetration testing report showed that (page 40):

A number of resources were identified that did not benefit from protection against accidental or intentional deletion. This could result in disruption to business operations.

Ensure that production Azure KeyVaults are recoverable in order to prevent permanent deletion/purging of encryption keys, secrets and certificates stored within these vaults. To make an Azure KeyVault or Storage Account instance recoverable, both "Soft Delete" and "Do Not Purge" features should be enabled.

• "Soft Delete", implemented by enableSoftDelete parameter, ensures that even if the KeyVault is deleted, the vault itself or its objects (keys, secrets, certificates) remain recoverable for next 90 days
• "Do Not Purge" feature, implemented by enablePurgeProtection parameter, ensures that the Azure Key Vault and its objects cannot be purged at all, preventing users from accidentally purging Azure KeyVault resources.

It was also noted that Storage Accounts were also configured without Soft-Delete, rendering their contents susceptible to accidental or intentional deletion.

N.B. The first action here is to review the list of affected resources (see the pen-test report), then decide what action is appropriate in each case. So this may spin out into a number of tickets, depending on what's required for each object type.

For KeyVaults, some of these configuration parameters are surfaced in the top-level config.yaml.

This is a medium level risk, but is something we must fix before the next pen-test.