All keys in non-RBAC Azure Key Vaults should have an expiration time set


To enhance security, it is essential to ensure that all keys in non-role-based access control (RBAC) Azure Key Vaults have an expiration date set. Azure Key Vault allows users to securely store and utilize cryptographic keys in the Azure environment. By default, keys in the key vault never expire.

However, it is recommended to regularly rotate the keys and set explicit expiration dates for each key. This practice ensures that keys cannot be used beyond their designated lifetimes, reducing the risk of unauthorized use.

The impact of setting expiration dates for keys is that they will no longer be usable once their assigned expiration times are reached. It is important to periodically rotate the keys wherever they are utilized to maintain a high level of security.


From the console

  1. Go to Key vaults.
  2. For each Key vault, click Keys.
  3. In the main pane, ensure that an appropriate Expiration date is set for any keys.