An Azure Key Vault is a managed secrets store that holds cryptographic keys, secrets, and certificates, together with their access and network configuration.
Key Vaults are CRITICAL-tier assets: they centralize credentials and cryptographic material relied on across many organizational functions.
Microsoft.KeyVault/Vaults/delete
Deleting a key vault destroys the keys, secrets, and certificates it contains (cryptographic destruction) and removes a service that dependent production workloads rely on (denial of service).
Risks
Scope: CRITICAL
This privilege may grant access to sensitive data from a significant fraction of organizational functions, allow interruption of critical organizational services, or, if exploited, lead to significant privilege escalation.
Contributed by P0 Security
© 2023–present P0 Security and contributors to the IAM Privilege Catalog