Allow Keyvault purge when 'purge protection' is enabled
Purge protection is a required setting for our InfoSec team. Unfortunately we cannot move a keyvault from one region to another one, and we cannot completely get it purged (https://docs.microsoft.com/en-us/azure/key-vault/key-vault-ovw-soft-delete / https://docs.microsoft.com/en-us/rest/api/keyvault/vaults/purgedeleted).
There should be a mechanism/procedure to force a keyvault purge (even by raising an INC to MS).
Pretty useless feature in my opinion. Nothing should be created as "irreversible" in today's day and age. At least the highest management team should be able to purge a deleted key vault.
I understand that purge protection is a security feature and one should not enable it without thinking 10 times but... We're only human and can make mistakes and so it would be nice to have SOME way of resolving a name conflict if a vault gets created in an incorrect region, for example. If we can't purge an unnecessary vault we need another workaround. What if we could rename it to free up the vault name we require? Even if we'd need to create a service ticket for MS and get 3 levels of mgmt approvals, we need SOME way of fixing this issue. You can't just create an irreversible function and say: "Sorry, there's nothing we can do about it". Let's work together to find a solution.
Seema Bansal commented
If you want to access the purge operation, then purge protection would have to be disabled. There is no other way for the user or for MS to purge the key vault unless the purge protection period has elapsed.