[Key Vault] az keyvault create: Fix keyvault create RequestDisallowedByPolicy error by explicitly setting enableSoftDelete in the request body

[rahulalapati43]

Explicitly set enableSoftDelete=True in the request body for az keyvault create to satisfy Azure Policy checks that require the property to be present.

Related command
az keyvault create

Description
Explicitly set enableSoftDelete=True in the VaultProperties constructor when creating a Key Vault. While soft delete is already enabled by default on the service side, Azure Policy checks may require the property to be explicitly present in the
request body. Without it, az keyvault create fails with a RequestDisallowedByPolicy error when such policies are enforced. This is a non-breaking fix — no new parameters are exposed and customer behavior is unchanged.

Testing Guide

Basic vault creation (should succeed without RequestDisallowedByPolicy)

az keyvault create --name --resource-group --location

Verify soft delete is enabled on the created vault

az keyvault show --name --query "properties.enableSoftDelete"

Expected: true

History Notes

[Component Name 1] BREAKING CHANGE: az command a: Make some customer-facing breaking change
[Component Name 2] az command b: Add some customer-facing feature

---

This checklist is used to make sure that common guidelines for a pull request are followed.

• The PR title and description has followed the guideline in Submitting Pull Requests.

• I adhere to the Command Guidelines.

• I adhere to the Error Handling Guidelines.

[azure-client-tools-bot-prd]

Validation for Azure CLI Full Test Starting...

Thanks for your contribution!

[azure-client-tools-bot-prd]

Hi @rahulalapati43,
Since the current milestone time is less than 7 days, this pr will be reviewed in the next milestone.

[azure-client-tools-bot-prd]

Validation for Breaking Change Starting...

Thanks for your contribution!

[Copilot]

Pull request overview

Note

Copilot was unable to run its full agentic suite in this review.

This PR updates az keyvault create to explicitly include enableSoftDelete in the Key Vault create request body so Azure Policy checks that require the property won’t block vault creation.

Changes:

• Explicitly sets enable_soft_delete=True when constructing VaultProperties for vault creation.
• Adds a release note entry describing the policy-related fix for az keyvault create.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 3 comments.

File	Description
src/azure-cli/azure/cli/command_modules/keyvault/custom.py	Forces enable_soft_delete=True into the vault create payload to satisfy Azure Policy evaluation.
src/azure-cli/HISTORY.rst	Documents the Key Vault create policy fix in release history.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[yonzhan]

Thank you for your contribution! We will review the pull request and get back to you soon.

[github-actions]

The git hooks are available for azure-cli and azure-cli-extensions repos. They could help you run required checks before creating the PR.

Please sync the latest code with latest dev branch (for azure-cli) or main branch (for azure-cli-extensions).
After that please run the following commands to enable git hooks:

pip install azdev --upgrade
azdev setup -c <your azure-cli repo path> -r <your azure-cli-extensions repo path>