All keys in RBAC Azure Key Vault should have an expiration time set

Description

Ensure that all keys in Role-Based Access Control (RBAC) Azure Key Vaults have an expiration date set. The exp (expiration date) attribute identifies the date on or after which the key must not be used for encryption of new data, wrapping of new keys, or signing. By default, keys never expire. Rotate keys in the key vault and assign every key an explicit expiration date to help enforce rotation. An expiration date also ensures that a key cannot be used indefinitely if it is leaked.

Remediation

To add an expiration date to the keys in an Azure Key Vault, follow these steps:

  1. Go to Key vaults.
  2. For each Key vault, click Keys.
  3. In the main pane, ensure that an appropriate Expiration date is set for any keys that are Enabled.
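
The same check can be scripted across many vaults. The following is an added example, not part of the original rule: it reads the JSON printed by `az keyvault key list --vault-name <vault>`, reports enabled keys that have no expiration, and builds the `az keyvault key set-attributes` call for each one. The sample data, vault name, key names and expiration date are constructed for illustration.

```python
import json
import shlex
from urllib.parse import urlparse

# Constructed sample shaped like `az keyvault key list --vault-name <vault>` output.
SAMPLE = """[
  {"kid": "https://example-vault.vault.azure.net/keys/app-signing",
   "name": "app-signing", "attributes": {"enabled": true, "expires": null}},
  {"kid": "https://example-vault.vault.azure.net/keys/db-wrap",
   "name": "db-wrap",
   "attributes": {"enabled": true, "expires": "2030-01-01T00:00:00+00:00"}},
  {"kid": "https://example-vault.vault.azure.net/keys/legacy",
   "name": "legacy", "attributes": {"enabled": false, "expires": null}}
]"""


def enabled_keys_without_expiry(list_json):
    """Return (vault, key_name) for every enabled key with no expiration."""
    findings = []
    for key in json.loads(list_json):
        attrs = key.get("attributes") or {}
        if not attrs.get("enabled"):
            continue  # the rule only concerns keys that are Enabled
        if attrs.get("expires"):
            continue  # an expiration date is already set
        # The vault name is the first DNS label of the key identifier host.
        vault = urlparse(key["kid"]).hostname.split(".")[0]
        name = key.get("name") or key["kid"].rstrip("/").split("/")[-1]
        findings.append((vault, name))
    return findings


def remediation_command(vault, name, expires_utc):
    """Build the CLI call that sets the expiration date.

    expires_utc is chosen by the operator, in the form 2026-01-01T00:00:00Z.
    """
    return ("az keyvault key set-attributes"
            f" --vault-name {shlex.quote(vault)}"
            f" --name {shlex.quote(name)}"
            f" --expires {shlex.quote(expires_utc)}")


if __name__ == "__main__":
    # Constructed expiration date; pick one that matches your rotation policy.
    for vault, name in enabled_keys_without_expiry(SAMPLE):
        print(remediation_command(vault, name, "2026-01-01T00:00:00Z"))
```

The script only prints the commands, so they can be reviewed before anything is changed in the vault.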