All secrets in RBAC Azure Key Vault should have an expiration time set


Description

To enhance security, it is crucial to ensure that all secrets in role-based access control (RBAC) Azure Key Vaults have an expiration date set. Azure Key Vault provides a secure storage solution for secrets in the Microsoft Azure environment. By default, secrets in the key vault do not have an expiration date.

To mitigate the risk of unauthorized use, it is recommended to regularly rotate the secrets and set explicit expiration dates. This ensures that the secrets cannot be used beyond their designated lifetimes, increasing the overall security posture.

Once expiration dates are set, secrets become invalid and unusable when their assigned expiry dates are reached. Rotate the secrets periodically wherever they are used to maintain a strong security foundation.

Remediation

From the console

  1. Go to Key vaults.
  2. For each key vault, click Secrets.
  3. In the main pane, ensure that an appropriate Expiration date is set for each secret.
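
The same check can be run over an export of a vault's secrets instead of clicking through each one. The script below is an added example, not part of the original rule: it reads JSON in the shape produced by `az keyvault secret list --vault-name <vault> -o json` and reports secrets with no expiration date. The sample data, the 365-day maximum lifetime and the "passed but still enabled" finding are assumptions made for illustration.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample shaped like `az keyvault secret list --vault-name <vault> -o json`
# (trimmed to the fields the check reads; vault and secret names are made up).
SAMPLE = """[
 {"name": "db-password", "attributes": {"enabled": true, "expires": null}},
 {"name": "api-token", "attributes": {"enabled": true, "expires": "2024-09-01T00:00:00+00:00"}},
 {"name": "old-sas", "attributes": {"enabled": true, "expires": "2024-01-15T00:00:00+00:00"}},
 {"id": "https://example-vault.vault.azure.net/secrets/long-lived",
  "attributes": {"enabled": true, "expires": "2030-01-01T00:00:00+00:00"}}
]"""


def audit_secrets(raw_json, now, max_lifetime=timedelta(days=365)):
    """Return {secret name: finding} for every secret that fails the check."""
    findings = {}
    for secret in json.loads(raw_json):
        attrs = secret.get("attributes") or {}
        # Fall back to the last path segment of the secret id if "name" is absent.
        name = secret.get("name") or secret["id"].rstrip("/").rsplit("/", 1)[-1]
        expires = attrs.get("expires")
        if not expires:
            # The condition this rule targets: the default of no expiration.
            findings[name] = "no expiration date set"
            continue
        expiry = datetime.fromisoformat(expires)
        if expiry.tzinfo is None:
            expiry = expiry.replace(tzinfo=timezone.utc)
        if expiry <= now and attrs.get("enabled"):
            # Assumed extra check: a rotation was missed.
            findings[name] = "expiration date passed but secret still enabled"
        elif expiry - now > max_lifetime:
            # Assumed policy threshold, not a value from the rule.
            findings[name] = f"expires more than {max_lifetime.days} days from now"
    return findings


if __name__ == "__main__":
    now = datetime.now(timezone.utc)
    for name, finding in sorted(audit_secrets(SAMPLE, now).items()):
        print(f"{name}: {finding}")
```

A secret flagged here can be fixed in the console as described above, or with `az keyvault secret set-attributes --vault-name <vault> --name <secret> --expires <UTC datetime>`.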