How to resolve the Sprinto check to set expiration dates for keys in RBAC key vaults

About:

Sprinto check: Ensure that the Expiration Date is set for all Keys in RBAC Key Vaults

The above-mentioned Sprinto check verifies that all keys stored in your Azure Key Vaults with role-based access control (RBAC) enabled have an expiration date set. Setting an expiration date for keys is a security best practice that ensures keys are automatically rotated or revoked after a specified period.

Purpose:

The purpose of this check is to enforce key rotation and improve the overall security posture of your Azure Key Vaults with RBAC enabled. By setting expiration dates for keys, you can mitigate the risk of key compromise or misuse by ensuring that keys have a limited lifespan. This practice helps maintain the confidentiality and integrity of your encrypted data and reduces the potential impact of a security breach.

How to fix this check:

Follow the steps below to resolve this check:

Before you begin

  • Ensure you have administrator privileges to manage Azure Key Vaults and keys.

Setting Key Expiration Dates

  1. Log in to the Azure portal using your credentials.

  2. Navigate to the Key vaults service.

  3. Select a key vault from the list to configure.

  4. Click on Keys under Objects from the left-side navigation bar.

  5. Ensure every active key in the role-based access control (RBAC) key vault has an expiration date configured. Set an expiration date for any key that does not have one.

  6. Click Save to apply the changes.

  7. Repeat the above steps for all key vaults in your Azure account.
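
The same review across several vaults can be scripted. The following is an added example, not Sprinto's or Microsoft's own code: it reads the JSON that `az keyvault key list` returns for each vault, finds enabled keys with no expiration date, and prints the `az keyvault key set-attributes` commands that would set one. The vault and key names, the sample data and the 365-day lifetime are constructed assumptions.

```python
import json
import shlex
from datetime import datetime, timedelta, timezone

# Constructed sample: vault name -> output of
# `az keyvault key list --vault-name <vault> -o json` (placeholder names, trimmed fields).
SAMPLE_VAULTS = {
    "example-vault-prod": json.loads("""[
      {"name": "app-encryption", "attributes": {"enabled": true, "expires": null}},
      {"name": "disk-cmk", "attributes": {"enabled": true, "expires": "2026-01-31T00:00:00+00:00"}},
      {"name": "legacy-key", "attributes": {"enabled": false, "expires": null}}
    ]"""),
    "example-vault-dev": json.loads("""[
      {"name": "test-signing", "attributes": {"enabled": true, "expires": null}}
    ]"""),
}


def keys_missing_expiry(vaults):
    """Return sorted (vault, key) pairs for enabled keys with no expiration date."""
    findings = []
    for vault, keys in vaults.items():
        for key in keys:
            attrs = key.get("attributes") or {}
            # Assumption: "active" in step 5 means the key is enabled.
            if attrs.get("enabled") and not attrs.get("expires"):
                findings.append((vault, key["name"]))
    return sorted(findings)


def remediation_commands(vaults, lifetime_days=365, now=None):
    """Build one `az keyvault key set-attributes` command per finding."""
    now = now or datetime.now(timezone.utc)
    # lifetime_days is an assumed policy value; use your own rotation period.
    expires = (now + timedelta(days=lifetime_days)).strftime("%Y-%m-%dT%H:%M:%SZ")
    return [
        "az keyvault key set-attributes --vault-name {} --name {} --expires {}".format(
            shlex.quote(vault), shlex.quote(name), expires)
        for vault, name in keys_missing_expiry(vaults)
    ]


if __name__ == "__main__":
    # Dry run: print the commands for review instead of executing them.
    for command in remediation_commands(SAMPLE_VAULTS):
        print(command)
```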

Sprinto will detect the configuration change and set the check status to "Passing". Contact Sprinto support if you have any queries related to the check or need assistance.
