All secrets in RBAC Azure Key Vault should have an expiration time set

Description

To enhance security, it is crucial to ensure that all secrets in role-based access control (RBAC) Azure Key Vaults have an expiration date set. Azure Key Vault provides a secure storage solution for secrets in the Microsoft Azure environment. By default, secrets in the key vault do not have an expiration date.

To mitigate the risk of unauthorized use, it is recommended to regularly rotate the secrets and set explicit expiration dates. This ensures that the secrets cannot be used beyond their designated lifetimes, increasing the overall security posture.

The impact of setting expiration dates for secrets is that they will become invalid and unusable once their assigned expiry dates are reached. It is important to periodically rotate the secrets wherever they are utilized to maintain a strong security foundation.

Remediation

From the console

  1. Go to Key vaults.
  2. For each key vault, click Secrets.
  3. In the main pane, ensure that an appropriate Expiration date is set for any secrets.