Ensure that all the encryption keys available within your Microsoft Azure Key Vault have an expiration time set in order to follow security best practices and promote encryption key rotation. The expiration attribute configured for an encryption key identifies the date and time after which the key must no longer be used for cryptographic operations.
This rule resolution is part of the Conformity Security & Compliance tool for Azure.
Microsoft Azure Key Vault enables you to store and use encryption keys within your Azure cloud environment. By default, the encryption keys stored within a vault never expire. Therefore, Cloud Conformity highly recommends that you configure all your keys with an explicit expiration time, so that these keys can't be used beyond their assigned lifetime. This should significantly reduce the chance that a compromised key could be used without your knowledge to access valuable Azure cloud resources.
To determine if your Azure Key Vault encryption keys have an expiration time set, perform the following:
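One way to run this check, as an added example that is not part of the original page or Conformity's own procedure: the script below takes the JSON printed by `az keyvault key list --vault-name <vault> -o json` and reports keys with no expiration set, plus keys whose expiration has already passed. The helper names and the sample vault and key names are assumptions constructed for illustration.

```python
import json
from datetime import datetime, timezone

# Constructed sample in the shape of `az keyvault key list --vault-name <vault> -o json`;
# the vault and key names are made up for this example.
SAMPLE_KEY_LIST = """
[
  {"kid": "https://example-vault.vault.azure.net/keys/app-signing",
   "attributes": {"enabled": true, "expires": null}},
  {"kid": "https://example-vault.vault.azure.net/keys/disk-encryption",
   "attributes": {"enabled": true, "expires": "2031-01-15T00:00:00+00:00"}},
  {"kid": "https://example-vault.vault.azure.net/keys/legacy-wrap",
   "attributes": {"enabled": true, "expires": "2020-06-01T00:00:00+00:00"}},
  {"kid": "https://example-vault.vault.azure.net/keys/retired",
   "attributes": {"enabled": false, "expires": null}}
]
"""


def _parse_expiry(value):
    """Parse an ISO 8601 timestamp; treat a missing offset as UTC."""
    parsed = datetime.fromisoformat(value.replace("Z", "+00:00"))
    return parsed if parsed.tzinfo else parsed.replace(tzinfo=timezone.utc)


def audit_key_expiration(key_list_json, now=None):
    """Classify keys (hypothetical helper): no expiration set, or already expired."""
    now = now or datetime.now(timezone.utc)
    findings = {"no_expiry": [], "expired": []}
    for key in json.loads(key_list_json):
        expires = (key.get("attributes") or {}).get("expires")
        if expires is None:
            # Non-compliant with this rule, whether or not the key is enabled:
            # a disabled key can be re-enabled later and would then never expire.
            findings["no_expiry"].append(key["kid"])
        elif _parse_expiry(expires) <= now:
            # Past its lifetime: rotation is overdue.
            findings["expired"].append(key["kid"])
    return findings


if __name__ == "__main__":
    for category, kids in audit_key_expiration(SAMPLE_KEY_LIST).items():
        for kid in kids:
            print(f"{category}\t{kid}")
```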
Remediation / Resolution
To configure an expiration date for all your Microsoft Azure encryption keys in order to enforce periodic rotation, perform the following actions:
You are auditing:
Set Encryption Key Expiration
Risk level: Medium