Key Vault keys should have an expiration date
Description
By default, Key Vault keys do not expire, which can be a security issue if keys are compromised. As a best practice, an explicit expiration date should be set for keys and keys should be rotated.
Remediation Steps
Azure Portal
Navigate to Key Vault.
Select the Key.
In the left navigation under Settings, select Keys.
Set enabled to Yes and set the expiration date.
Azure CLI
To set the Key Vault key to have an expiration date:
az keyvault key set-attributes --name <keyName> --vault-name <vaultName> --expires Y-m-d'T'H:M:S'Z'
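
To find which keys need the command above, the following added example (not part of the original guidance) parses output shaped like `az keyvault key list --vault-name <vaultName> -o json`, reports keys with no expiration set, and builds the matching `set-attributes` command for each. The sample JSON, the vault and key names, and the 90-day lifetime are constructed assumptions.

```python
import json
from datetime import datetime, timedelta, timezone
from urllib.parse import urlparse

# Constructed sample, shaped like `az keyvault key list --vault-name <vaultName> -o json`.
SAMPLE_KEY_LIST = """[
  {"kid": "https://example-vault.vault.azure.net/keys/app-signing",
   "attributes": {"enabled": true, "expires": null}},
  {"kid": "https://example-vault.vault.azure.net/keys/disk-encryption",
   "attributes": {"enabled": true, "expires": "2030-01-01T00:00:00+00:00"}},
  {"kid": "https://example-vault.vault.azure.net/keys/legacy-wrap",
   "attributes": {"enabled": false, "expires": null}}
]"""

KEY_LIFETIME_DAYS = 90  # assumed rotation window; the page does not prescribe one


def split_kid(kid):
    """Return (vault_name, key_name) parsed from a key identifier URL."""
    url = urlparse(kid)
    parts = url.path.strip("/").split("/")
    if not url.hostname or len(parts) < 2 or parts[0] != "keys":
        raise ValueError(f"not a Key Vault key identifier: {kid!r}")
    return url.hostname.split(".")[0], parts[1]


def keys_without_expiry(key_list_json):
    """List (vault, key) pairs whose attributes.expires is unset."""
    missing = []
    for entry in json.loads(key_list_json):
        # Disabled keys are reported too: they can be re-enabled later.
        if (entry.get("attributes") or {}).get("expires") is None:
            missing.append(split_kid(entry["kid"]))
    return missing


def remediation_commands(key_list_json, now=None, days=KEY_LIFETIME_DAYS):
    """Build one `az keyvault key set-attributes` command per finding."""
    now = now or datetime.now(timezone.utc)
    # --expires takes a UTC timestamp in the Y-m-d'T'H:M:S'Z' form.
    expires = (now + timedelta(days=days)).strftime("%Y-%m-%dT%H:%M:%SZ")
    return [
        f"az keyvault key set-attributes --name {key} "
        f"--vault-name {vault} --expires {expires}"
        for vault, key in keys_without_expiry(key_list_json)
    ]


if __name__ == "__main__":
    print("\n".join(remediation_commands(SAMPLE_KEY_LIST)))
```

Review the generated commands before running them, since an expiration date on a key that is still in use must be paired with a rotation plan.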