Key Vault secrets should have an expiration date¶
By default, Key Vault secrets do not expire, which can be a security issue if secrets are compromised. As a best practice, an explicit expiration date should be set for secrets and secrets should be rotated.
Navigate to Key Vault.
Select the Key.
In the left navigation under Settings, select Secrets.
Select the active secret and set enabled to Yes.
Set the expiration date.
To set the Key Vault key to have an expiration date:
az keyvault secret set-attributes --name <secretName> --vault-name <vaultName> --expires Y-m-d'T'H:M:S'Z'