Ensure that all the secret keys available within your Microsoft Azure Key Vault have an expiration date/time set in order to follow security best practices and promote secret key rotation. The expiration parameter configured for an Azure secret identifies the expiration time after which the secret key must no longer be used for storing sensitive data such as passwords and database connection strings.
This rule resolution is part of the Cloud Conformity Security & Compliance tool for Azure.
Microsoft Azure Key Vault enables you to store and keep secrets within your Azure cloud environment. By default, these secret keys never expire; therefore, it is strongly recommended to configure all the secret keys with an explicit expiration date/time to enforce secret rotation as an additional layer of protection. This should significantly reduce the chance that a compromised secret could be used without your knowledge to access important Azure resources such as SQL databases.
To determine if your Azure Key Vault secret keys have an expiration time set, perform the following actions:
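One way to script this check, as an added example that is not part of the original page or the Cloud Conformity tool: the function below reads the JSON printed by `az keyvault secret list --vault-name <vault> -o json` and reports every secret whose `attributes.expires` is unset. Going slightly beyond the rule, it also reports secrets whose expiration has passed while they are still enabled; the vault name, secret names and the `audit_secrets` helper are assumptions made for the illustration.

```python
import json
from datetime import datetime, timezone

# Constructed sample shaped like the output of
# `az keyvault secret list --vault-name <vault> -o json`.
# The vault and secret names are made up for this example.
SAMPLE = """
[
  {"id": "https://example-vault.vault.azure.net/secrets/sql-conn-string",
   "attributes": {"enabled": true, "expires": null}},
  {"id": "https://example-vault.vault.azure.net/secrets/api-token",
   "attributes": {"enabled": true, "expires": "2031-01-15T00:00:00+00:00"}},
  {"id": "https://example-vault.vault.azure.net/secrets/legacy-password",
   "attributes": {"enabled": true, "expires": "2020-06-30T00:00:00+00:00"}},
  {"id": "https://example-vault.vault.azure.net/secrets/retired-key",
   "attributes": {"enabled": false, "expires": null}}
]
"""


def audit_secrets(listing_json, now=None):
    """Return secret names grouped as 'no_expiry' and 'expired_but_enabled'."""
    now = now or datetime.now(timezone.utc)
    findings = {"no_expiry": [], "expired_but_enabled": []}
    for secret in json.loads(listing_json):
        # The secret name is the last path segment of its identifier URL.
        name = secret["id"].rstrip("/").rsplit("/", 1)[-1]
        attrs = secret.get("attributes") or {}
        expires = attrs.get("expires")
        if not expires:
            # The condition this rule targets: no expiration date/time set.
            findings["no_expiry"].append(name)
            continue
        expiry = datetime.fromisoformat(expires.replace("Z", "+00:00"))
        if expiry.tzinfo is None:
            expiry = expiry.replace(tzinfo=timezone.utc)  # treat naive values as UTC
        if expiry <= now and attrs.get("enabled", True):
            # Extension beyond the rule: past its expiration but still enabled.
            findings["expired_but_enabled"].append(name)
    return findings


if __name__ == "__main__":
    for category, names in audit_secrets(SAMPLE).items():
        for name in names:
            print(f"{category}: {name}")
```

To run it against a real vault, pass the text printed by the `az keyvault secret list` command in place of `SAMPLE`.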
Remediation / Resolution
To configure an expiration date and time for your Microsoft Azure secrets in order to enforce periodic rotation of secret keys, perform the following actions:
Set Azure Secret Key Expiration
Risk level: Medium