All secrets in Non-RBAC Azure Key Vault should have an expiration time set

azure.keyvault
이 페이지는 아직 한국어로 제공되지 않으며 번역 작업 중입니다. 번역에 관한 질문이나 의견이 있으시면 언제든지 저희에게 연락해 주십시오.

Description

To improve security, it is essential to ensure that all secrets in non-role-based access control (RBAC) Azure Key Vaults have an expiration date set. Azure Key Vault provides a secure way to store and manage secrets in the Microsoft Azure environment. By default, secrets in the key vault do not have an expiration date.

To mitigate the risk of unauthorized use and maintain data integrity, it is recommended to regularly rotate the secrets and assign explicit expiration dates. This practice ensures that the secrets cannot be used beyond their designated lifetimes, enhancing overall security.

The impact of setting expiration dates for secrets is that they will become invalid and unusable once their assigned expiry dates are reached. It is important to periodically rotate the secrets wherever they are utilized to ensure continued security.

Remediation

From the console

  1. Go to Key vaults.
  2. For each key vault, click Secrets.
  3. In the main pane, ensure that an appropriate Expiration date is set for any secrets.