# How to resolve Sprinto check to set expiration date for keys from RBAC key vault

### About:

Sprinto check: Ensure that the Expiration Date is set for all Keys in RBAC Key Vaults

The above-mentioned Sprinto check verifies that all keys stored in your Azure Key Vaults with role-based access control (RBAC) enabled have an expiration date set. Setting an expiration date for keys is a security best practice that ensures keys are automatically rotated or revoked after a specified period.

### Purpose:

The purpose of this check is to enforce key rotation and improve the overall security posture of your Azure Key Vaults with RBAC enabled. By setting expiration dates for keys, you can mitigate the risk of key compromise or misuse by ensuring that keys have a limited lifespan. This practice helps maintain the confidentiality and integrity of your encrypted data and reduces the potential impact of a security breach.

### How to fix this check:

Follow the below steps to resolve this check:

#### Before you begin

* Ensure you have the administrator privilege to manage Azure Key Vaults and keys.

#### Setting Key Expiration Dates

1. Log in to the [Azure portal](https://azure.microsoft.com/en-in/get-started/azure-portal) using your credentials.
2. Navigate to the Key vaults service.
3. Select a key vault from the list to configure.

   <figure><img src="https://s3.amazonaws.com/cdn.freshdesk.com/data/helpdesk/attachments/production/72098968324/original/IwJpCXy6Jnt-mveCOdA1M8P6sopkRz-shA.png?1716370811" alt="" width="563"><figcaption></figcaption></figure>
4. Click on Keys under Objects from the left-side navigation bar.

   <figure><img src="https://s3.amazonaws.com/cdn.freshdesk.com/data/helpdesk/attachments/production/72098968355/original/HKkYaa02cS4alfV1iztuIH7qfhlmnPQPaQ.png?1716370832" alt=""><figcaption></figcaption></figure>
5. Ensure all the active role-based access control (RBAC) keys have a configured expiration date. Set an expiration date for any key that does not have one.
6. Click Save to apply the changes.
7. Repeat the above steps for all key vaults on your Azure account.

Sprinto will detect the configuration change and set the check status to "Passing.”\
Contact [Sprinto support](mailto:www.support@sprinto.com) if you have any queries related to the check or need assistance.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.sprinto.com/monitors/encryption-and-backup-monitoring/how-to-resolve-sprinto-check-to-set-expiration-date-for-keys-from-rbac-key-vault.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.