diff --git a/.gitignore b/.gitignore
index da93b46aa9128ef5613f179a7e338a026a1f9100..c0a344de55d094bdc3ad65171f4786ec81529b04 100644
--- a/.gitignore
+++ b/.gitignore
@@ -8,6 +8,8 @@ osdu-charts/
 custom*.tfvars
 dev.tfvars
 
+infra-azure-provisioning.sln
+
 .envrc*
 *.output
 
diff --git a/infra/modules/providers/azure/cosmosdb/main.tf b/infra/modules/providers/azure/cosmosdb/main.tf
index dc3d8e37f16e4f0c0f434ea0a63dfca8f8a8866f..1fad5da0061d6e56708c7f4ddb8a23aa579f7c7e 100755
--- a/infra/modules/providers/azure/cosmosdb/main.tf
+++ b/infra/modules/providers/azure/cosmosdb/main.tf
@@ -44,14 +44,27 @@ resource "azurerm_cosmosdb_account" "cosmosdb" {
     consistency_level = var.consistency_level
   }
 
-  geo_location {
-    location          = var.is_primary_loc_set == null ? var.primary_replica_location : data.azurerm_resource_group.cosmosdb.location
-    failover_priority = 0
-  }
+  dynamic "geo_location" {
+    for_each = var.enable_replication ? [
+      {
+        location          = var.is_primary_loc_set == null ? var.primary_replica_location : data.azurerm_resource_group.cosmosdb.location
+        failover_priority = 0
+      },
+      {
+        location          = var.primary_replica_location
+        failover_priority = var.is_primary_loc_set == null ? 0 : 1
+      }
+      ] : [
+      {
+        location          = data.azurerm_resource_group.cosmosdb.location
+        failover_priority = 0
+      }
+    ]
 
-  geo_location {
-    location          = var.primary_replica_location
-    failover_priority = var.is_primary_loc_set == null ? 0 : 1
+    content {
+      location          = geo_location.value.location
+      failover_priority = geo_location.value.failover_priority
+    }
   }
 
   backup {
diff --git a/infra/modules/providers/azure/cosmosdb/variables.tf b/infra/modules/providers/azure/cosmosdb/variables.tf
index 1e9fd0e0a6b842c54b3b166e00447b85b151bbc2..3b6c829f3be10d197b686aaba8c5809a9e811c50 100755
--- a/infra/modules/providers/azure/cosmosdb/variables.tf
+++ b/infra/modules/providers/azure/cosmosdb/variables.tf
@@ -112,3 +112,9 @@ variable "authorized_ip_ranges" {
   type        = list(string)
   default     = []
 }
+
+variable "enable_replication" {
+  type        = bool
+  default     = true
+  description = "Enable/disable geographic replication for the CosmosDB account"
+}
diff --git a/infra/templates/osdu-r3-mvp/central_resources/README.md b/infra/templates/osdu-r3-mvp/central_resources/README.md
index 62a4840fc49e43e230e4d5bb82d7ed8e7855fcf6..9c894a82c05504ea66a4c019a26cc7066db6591b 100644
--- a/infra/templates/osdu-r3-mvp/central_resources/README.md
+++ b/infra/templates/osdu-r3-mvp/central_resources/README.md
@@ -2,7 +2,7 @@
 
 The `osdu` - `central_resources` environment template is intended to provision to Azure resources for OSDU which are typically central to the architecture and can't be removed without destroying the entire OSDU deployment.
 
-__PreRequisites__
+### Prerequisites
 
 > If you have run the `common_prepare.sh` scripts then jump down to the section called Manually Provision.
 
@@ -54,8 +54,9 @@ Set up your local environment variables
 
 *Note: environment variables are automatically sourced by direnv*
 
-Required Environment Variables (.envrc)
+Environment Variables (.envrc)
 ```bash
+# Required Variables
 export ARM_TENANT_ID=""
 export ARM_SUBSCRIPTION_ID=""
 
@@ -70,19 +71,32 @@ export ARM_ACCESS_KEY=""
 
 # Instance Variables
 export TF_VAR_resource_group_location="centralus"
+
+# Disable Key Vault purge protection for development environments (Optional)
+export TF_VAR_keyvault_purge_protection_enabled=false
+
+# Disable CosmosDB geo-replication if not needed (Optional)
+export TF_VAR_cosmosdb_enable_replication=false
 ```
 
-Navigate to the `terraform.tfvars` terraform file. Here's a sample of the terraform.tfvars file for this template.
+### Optional Configuration Settings
 
-```HCL
-prefix                  = "osdu-mvp"
+Key Vault purge protection is enabled by default (`keyvault_purge_protection_enabled = true`). While this is recommended for production environments, it can make development more challenging as it prevents immediate deletion of Key Vaults.
 
-resource_tags = {
-   contact = "<your_name>"
-}
+CosmosDB geo-replication is enabled by default (`cosmosdb_enable_replication = true`). While this provides better availability and disaster recovery, it requires additional Azure quota and resources.
+
+These settings can also be configured using `custom.tfvars`:
+```HCL
+# custom.tfvars
+keyvault_purge_protection_enabled = false
+cosmosdb_enable_replication = false
 ```
 
-__Manually Provision__
+Choose the method that best fits your workflow:
+- `custom.tfvars` is ideal for version-controlled, environment-specific settings
+- `.envrc` is better for local development and machine-specific configurations
+
+### Manually Provision
 
 Execute the following commands to set up your terraform workspace.
 
diff --git a/infra/templates/osdu-r3-mvp/central_resources/main.tf b/infra/templates/osdu-r3-mvp/central_resources/main.tf
index 971741a25c988f6110f703ed100189c293948534..bb415a861b6bc9cf7ea8432ff290e37f10563d1c 100644
--- a/infra/templates/osdu-r3-mvp/central_resources/main.tf
+++ b/infra/templates/osdu-r3-mvp/central_resources/main.tf
@@ -61,7 +61,7 @@ provider "azurerm" {
   features {
     key_vault {
       recover_soft_deleted_key_vaults = true
-      purge_soft_delete_on_destroy    = false
+      purge_soft_delete_on_destroy    = true
       recover_soft_deleted_secrets    = true
     }
   }
@@ -149,10 +149,11 @@ resource "azurerm_resource_group" "main" {
 module "keyvault" {
   source = "../../../modules/providers/azure/keyvault"
 
-  keyvault_name                 = local.kv_name
-  public_network_access_enabled = var.backend_network_access_enabled == false ? true : true # As for now terraform manages the secrets, this cannot be disabled unless allowed_networks it is activated
-  resource_group_name           = azurerm_resource_group.main.name
-  resource_ip_whitelist         = local.backend_allowed_networks
+  keyvault_name                     = local.kv_name
+  public_network_access_enabled     = var.backend_network_access_enabled == false ? true : true # As for now terraform manages the secrets, this cannot be disabled unless allowed_networks it is activated
+  resource_group_name               = azurerm_resource_group.main.name
+  resource_ip_whitelist             = local.backend_allowed_networks
+  keyvault_purge_protection_enabled = var.keyvault_purge_protection_enabled
   secrets = {
     app-dev-sp-tenant-id = data.azurerm_client_config.current.tenant_id
   }
@@ -232,6 +233,7 @@ module "graph_account" {
   graph_databases            = var.cosmos_graph_databases
   graphs                     = var.cosmos_graphs
   cosmosdb_backup_redundancy = var.cosmosdb_backup_redundancy
+  enable_replication         = var.cosmosdb_enable_replication
 
   public_network_access_enabled = var.backend_network_access_enabled
 
diff --git a/infra/templates/osdu-r3-mvp/central_resources/variables.tf b/infra/templates/osdu-r3-mvp/central_resources/variables.tf
index 4d94585c0b4ac31cc6539a6574af5c8ca4d72757..a0752255b873c46331a2ec20a817577ad2415e30 100644
--- a/infra/templates/osdu-r3-mvp/central_resources/variables.tf
+++ b/infra/templates/osdu-r3-mvp/central_resources/variables.tf
@@ -188,3 +188,15 @@ variable "application_id_oauth2_permission_scopes" {
     "Application.Read.All"
   ]
 }
+
+variable "cosmosdb_enable_replication" {
+  type        = bool
+  description = "Enable/disable geographic replication for the CosmosDB account"
+  default     = true
+}
+
+variable "keyvault_purge_protection_enabled" {
+  type        = bool
+  description = "Enable purge protection for the key vault"
+  default     = true
+}