All keys in non-RBAC Azure Key Vaults should have an expiration time set

azure.keyvault
이 페이지는 아직 한국어로 제공되지 않으며 번역 작업 중입니다. 번역에 관한 질문이나 의견이 있으시면 언제든지 저희에게 연락해 주십시오.

Description

To enhance security, it is essential to ensure that all keys in non-role-based access control (RBAC) Azure Key Vaults have an expiration date set. Azure Key Vault allows users to securely store and utilize cryptographic keys in the Azure environment. By default, keys in the key vault never expire.

However, it is recommended to regularly rotate the keys and set explicit expiration dates for each key. This practice ensures that keys cannot be used beyond their designated lifetimes, reducing the risk of unauthorized use.

The impact of setting expiration dates for keys is that they will no longer be usable once their assigned expiration times are reached. It is important to periodically rotate the keys wherever they are utilized to maintain a high level of security.

Remediation

From the console

  1. Go to Key vaults.
  2. For each Key vault, click Keys.
  3. In the main pane, ensure that an appropriate Expiration date is set for any keys.
PREVIEWING: rtrieu/product-analytics-ui-changes