MEDIUM
Source
Trivy/CSPM
CSPM ID
key-expiration-enabled
ID
AVD-AZU-0014

Ensure that the expiration date is set on all keys

Expiration Date is an optional Key Vault Key behavior and is not set by default.

Set when the key will become inactive: after the expiration date the key can no longer be used for cryptographic operations.

Impact

Long-lived keys increase the attack surface when compromised: a key with no expiration date stays usable for as long as a leaked copy exists, and nothing forces it to be rotated.

Follow the appropriate remediation steps below to resolve the issue.

  1. Log into the Microsoft Azure Management Console.

  2. Select the “Search resources, services, and docs” box at the top and search for Key Vault.

  3. On the “Key vaults” page, select the Key Vault whose keys need to be verified.

  4. On the page for the selected vault (for example “Key vaults-test-vault-azure”), scroll down the left navigation panel and choose the “Keys” option.

  5. On the vault’s “Keys” page, select each key and check its “Expiration Date”. If no expiration date is shown, the selected key does not have key expiration enabled.

  6. Repeat steps number 2 - 5 to verify the other keys in the Key vaults.

  7. Navigate to the “Key vault”, scroll down the left navigation panel and choose the “Keys” option.

  8. Select the key that needs key expiration enabled by clicking its “Name” link.

  9. On the key’s page, click the “Current Version” of the selected key.

  10. On the selected version’s page, under the “Settings” tab, click “Activation Date” and choose the date and time if the key should not be usable before a given moment; then select “Set expiration date” and choose the expiration date and time required by your rotation policy.

  11. Click the “Save” button at the top to apply the changes.

  12. Repeat steps number 7 - 11 to enable key expiration for all keys in the account. Note that attributes belong to a key version, so each version in use must be given an expiration date separately.
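The portal steps above check one key at a time. The following is an added example, written for this page rather than taken from Trivy, the AVD page or Microsoft, that does the same audit from the output of `az keyvault key list --vault-name <vault>` and emits the `az keyvault key set-attributes --expires ...` command for every key that has no expiration date, is already expired, or expires later than a rotation policy allows. The policy limit `MAX_LIFETIME`, the fixed audit time `AUDIT_NOW` and the records in `SAMPLE_KEYS` are constructed assumptions so that the script runs offline; pass a vault name on the command line to run it against a real vault with an authenticated `az` CLI.

```python
"""Audit the keys in an Azure Key Vault for a missing or over-long expiry.

Added example; it is not part of the AVD page, Trivy or the azurerm provider.
It consumes the JSON printed by `az keyvault key list --vault-name <vault>`
(each entry carries `kid` and `attributes.expires`) and prints the
`az keyvault key set-attributes` command that fixes each finding.
MAX_LIFETIME, AUDIT_NOW and SAMPLE_KEYS are constructed assumptions.
"""
import json
import subprocess
import sys
from datetime import datetime, timedelta, timezone

# Assumed rotation policy: every key must expire within a year of the audit.
MAX_LIFETIME = timedelta(days=365)

# Fixed reference time so the constructed sample below audits deterministically.
AUDIT_NOW = datetime(2025, 1, 1, tzinfo=timezone.utc)

# Constructed records shaped like `az keyvault key list` output (not real keys).
SAMPLE_KEYS = [
    {"kid": "https://test-vault-azure.vault.azure.net/keys/app-signing/7f3a",
     "attributes": {"enabled": True, "expires": None}},
    {"kid": "https://test-vault-azure.vault.azure.net/keys/db-wrap/91c0",
     "attributes": {"enabled": True, "expires": "2025-06-30T00:00:00+00:00"}},
    {"kid": "https://test-vault-azure.vault.azure.net/keys/legacy-sign/0012",
     "attributes": {"enabled": True, "expires": "1982-12-31T00:00:00Z"}},
    {"kid": "https://test-vault-azure.vault.azure.net/keys/archive-enc/44aa",
     "attributes": {"enabled": True, "expires": "2040-01-01T00:00:00+00:00"}},
]


def key_name_from_kid(kid: str) -> str:
    """kid has the form https://<vault>.vault.azure.net/keys/<name>/<version>."""
    return kid.rstrip("/").split("/")[-2]


def parse_expiry(value: str) -> datetime:
    # azure-cli prints +00:00 offsets; Terraform and the portal use a trailing Z.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def find_expiry_findings(keys: list, now: datetime) -> list:
    """Return (key name, reason) for every key that violates the expiry policy."""
    findings = []
    for key in keys:
        name = key.get("name") or key_name_from_kid(key["kid"])
        expires = key.get("attributes", {}).get("expires")
        if not expires:
            findings.append((name, "no expiration date set"))
            continue
        exp = parse_expiry(expires)
        if exp <= now:
            findings.append((name, f"already expired on {expires}"))
        elif exp - now > MAX_LIFETIME:
            findings.append((name, f"expires {expires}, later than policy allows"))
    return findings


def remediation_command(vault: str, name: str, new_expiry: datetime) -> str:
    # set-attributes changes the current version only; older versions keep
    # their own attributes and need an explicit --version to be fixed.
    return (f"az keyvault key set-attributes --vault-name {vault} --name {name} "
            f"--expires {new_expiry.strftime('%Y-%m-%dT%H:%M:%SZ')}")


def audit_vault(vault: str, keys: list, now: datetime) -> list:
    """Map each finding to the CLI command that sets a policy-compliant expiry."""
    return [remediation_command(vault, name, now + MAX_LIFETIME)
            for name, _reason in find_expiry_findings(keys, now)]


def list_keys(vault: str) -> list:
    """Fetch live records; needs an authenticated az CLI (not used offline)."""
    out = subprocess.run(["az", "keyvault", "key", "list", "--vault-name", vault,
                          "-o", "json"], check=True, capture_output=True, text=True)
    return json.loads(out.stdout)


if __name__ == "__main__":
    if len(sys.argv) > 1:
        vault, keys, now = sys.argv[1], list_keys(sys.argv[1]), datetime.now(timezone.utc)
    else:
        vault, keys, now = "test-vault-azure", SAMPLE_KEYS, AUDIT_NOW
    for name, reason in find_expiry_findings(keys, now):
        print(f"{name}: {reason}")
    for cmd in audit_vault(vault, keys, now):
        print(cmd)
```

Against the constructed sample the script reports three of the four keys: `app-signing` (no expiry), `legacy-sign` (expired in 1982, the same date the Terraform snippet below uses) and `archive-enc` (beyond the one-year policy); `db-wrap` passes. The generated commands only touch the current key version, which is why the portal procedure above is repeated per version in use.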

Set an expiration date on the vault key

# The vault itself (azurerm_key_vault.example) is defined elsewhere.
resource "azurerm_key_vault_key" "good_example" {
  name         = "generated-certificate"
  key_vault_id = azurerm_key_vault.example.id
  key_type     = "RSA"
  key_size     = 2048

  # expiration_date is an RFC 3339 UTC timestamp (Y-m-d'T'H:M:S'Z'). Use a
  # future date that matches the rotation period; a date in the past would
  # create a key that is already expired and unusable.
  expiration_date = "2030-12-31T00:00:00Z"

  key_opts = [
    "decrypt",
    "encrypt",
    "sign",
    "unwrapKey",
    "verify",
    "wrapKey",
  ]
}