All secrets in Non-RBAC Azure Key Vault should have an expiration time set


Description

To improve security, it is essential to ensure that all secrets in non-role-based access control (RBAC) Azure Key Vaults have an expiration date set. Azure Key Vault provides a secure way to store and manage secrets in the Microsoft Azure environment. By default, secrets in the key vault do not have an expiration date.

To mitigate the risk of unauthorized use and maintain data integrity, it is recommended to regularly rotate the secrets and assign explicit expiration dates. This practice ensures that the secrets cannot be used beyond their designated lifetimes, enhancing overall security.

Setting an expiration date means that a secret becomes invalid and unusable once that date is reached. Periodically rotate the secrets wherever they are used to ensure continued security.

Remediation

From the console

  1. Go to Key vaults.
  2. For each key vault, click Secrets.
  3. In the main pane, ensure that an appropriate Expiration date is set for every secret.
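
The console check above can also be run over exported inventory. The following is an added example, not part of the original rule: it flags secrets with no expiration in vaults that do not use RBAC authorization, assuming input shaped like the JSON from `az keyvault show` and `az keyvault secret list`. The vault and secret names are constructed sample data.

```python
import json

# Constructed sample data shaped like Azure CLI JSON output (all names are made up).
VAULTS = json.loads("""[
  {"name": "kv-legacy-example", "properties": {"enableRbacAuthorization": false}},
  {"name": "kv-rbac-example",   "properties": {"enableRbacAuthorization": true}},
  {"name": "kv-old-example",    "properties": {}}
]""")
SECRETS = json.loads("""{
  "kv-legacy-example": [
    {"id": "https://kv-legacy-example.vault.azure.net/secrets/db-password",
     "attributes": {"enabled": true, "expires": null}},
    {"id": "https://kv-legacy-example.vault.azure.net/secrets/api-token",
     "attributes": {"enabled": true, "expires": "2030-01-01T00:00:00+00:00"}}
  ],
  "kv-rbac-example": [
    {"id": "https://kv-rbac-example.vault.azure.net/secrets/signing-key",
     "attributes": {"enabled": true, "expires": null}}
  ],
  "kv-old-example": [
    {"id": "https://kv-old-example.vault.azure.net/secrets/smtp-key",
     "attributes": {"enabled": false}}
  ]
}""")


def is_non_rbac(vault):
    """True when the vault relies on access policies (RBAC flag absent or false)."""
    return vault.get("properties", {}).get("enableRbacAuthorization") is not True


def secrets_without_expiry(vaults, secrets_by_vault):
    """Return sorted (vault, secret) pairs that have no expiration date set."""
    findings = []
    for vault in vaults:
        if not is_non_rbac(vault):
            continue  # RBAC vaults are outside the scope of this rule
        for secret in secrets_by_vault.get(vault["name"], []):
            attrs = secret.get("attributes") or {}
            if not attrs.get("expires"):  # key missing, null or empty
                name = secret["id"].rstrip("/").rsplit("/", 1)[-1]
                findings.append((vault["name"], name))
    return sorted(findings)


if __name__ == "__main__":
    for vault_name, secret_name in secrets_without_expiry(VAULTS, SECRETS):
        print(f"{vault_name}: secret '{secret_name}' has no expiration date")
```
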