Ensure that Azure Storage account access keys are regenerated every 90 days in order to decrease the likelihood of accidental exposures and protect your storage account resources against unauthorized access.
This rule resolution is part of the Cloud Conformity Security & Compliance tool for Azure.
When a Microsoft Azure Storage account is created, Azure generates two 512-bit storage access keys to be used for authentication when storage resources such as blobs, files, tables and queues are accessed by applications. Rotating these credentials periodically will significantly reduce the chances that a compromised set of access keys can be used without your knowledge to access resources available in your storage account.
Note: Regenerating storage account access keys can affect services or applications that are dependent on these keys. All clients that use these access keys to access your storage account resources must be updated to use the new keys.
To determine if your storage account access keys are periodically regenerated (by default, every 90 days), perform the following actions:
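The 90-day check this rule describes can be scripted. The following is an added example, not part of the original page or of Cloud Conformity's tooling. It assumes key metadata in the JSON shape returned by `az storage account keys list` (the `creationTime` field), uses constructed sample data, and assumes that a key with no recorded creation time should be reported as a finding.

```python
import json
import re
from datetime import datetime, timedelta, timezone

MAX_KEY_AGE = timedelta(days=90)  # rotation period stated on this page
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed "today" for the sample run

# Constructed sample shaped like `az storage account keys list -o json` output.
# Key values are placeholders; never store or log real key material in a report.
SAMPLE_KEYS_JSON = """
[
  {"keyName": "key1", "permissions": "FULL", "value": "<redacted>",
   "creationTime": "2024-01-10T08:15:30.123456+00:00"},
  {"keyName": "key2", "permissions": "FULL", "value": "<redacted>",
   "creationTime": "2024-05-20T11:02:00+00:00"}
]
"""

def parse_ts(ts):
    """Parse an ISO 8601 timestamp, tolerating 'Z' and 7-digit fractions."""
    ts = ts.replace("Z", "+00:00")
    # fromisoformat on older Pythons accepts at most 6 fractional digits
    ts = re.sub(r"\.(\d{1,6})\d*", lambda m: "." + m.group(1).ljust(6, "0"), ts)
    parsed = datetime.fromisoformat(ts)
    return parsed if parsed.tzinfo else parsed.replace(tzinfo=timezone.utc)

def audit_keys(keys_json, now=None, max_age=MAX_KEY_AGE):
    """Return {keyName: (status, age_days)}; status is OK, STALE or UNKNOWN."""
    now = now or datetime.now(timezone.utc)
    report = {}
    for key in json.loads(keys_json):
        created = key.get("creationTime")
        if not created:
            # Assumption: without a creation time the last rotation cannot be
            # proven, so the key is flagged instead of silently passing.
            report[key["keyName"]] = ("UNKNOWN", None)
            continue
        age = now - parse_ts(created)
        status = "STALE" if age > max_age else "OK"
        report[key["keyName"]] = (status, age.days)
    return report

if __name__ == "__main__":
    for name, (status, days) in audit_keys(SAMPLE_KEYS_JSON, now=NOW).items():
        print(f"{name}: {status} (age in days: {days})")
```

Run against live output by passing the JSON from `az storage account keys list` for each account instead of the sample; both keys need to be within the rotation period for the account to pass.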
Remediation / Resolution
To regenerate your Azure Storage account access keys in order to ensure that any inadvertent access or exposure does not result in these credentials being compromised, perform the following actions:
Regenerate Storage Account Access Keys Periodically
Risk level: Medium