Azure Secret Expiration Not Enabled
Description
Identifies Azure Key Vault secrets that are enabled but do not have an expiration date configured. Secrets without expiration dates can remain valid indefinitely, increasing security risk if compromised and violating security best practices for secret rotation.
Detection Strategy
• Scans all secrets in Azure Key Vault instances
• Checks if the secret is currently enabled (attributes.enabled = true)
• Verifies if the secret has no expiration date set (attributes.expires is null/empty)
• Reports a vulnerability for each enabled secret that lacks an expiration date
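The checks listed above, applied to secret metadata, as an added example that is not Fluid Attacks' own scanner code. It assumes each item has the `id` and `attributes` fields that `az keyvault secret list` returns; the vault names, secret ids and function names are constructed for illustration.

```python
import json

# Constructed sample: secret metadata shaped like the items returned by
# `az keyvault secret list`, grouped by vault (all names are made up).
SAMPLE = json.loads("""
{
  "kv-payments": [
    {"id": "https://kv-payments.vault.azure.net/secrets/db-password",
     "attributes": {"enabled": true, "expires": null}},
    {"id": "https://kv-payments.vault.azure.net/secrets/api-key",
     "attributes": {"enabled": true, "expires": "2026-01-31T00:00:00+00:00"}},
    {"id": "https://kv-payments.vault.azure.net/secrets/old-token",
     "attributes": {"enabled": false, "expires": null}}
  ],
  "kv-batch": [
    {"id": "https://kv-batch.vault.azure.net/secrets/sas-token",
     "attributes": {"enabled": true, "expires": ""}},
    {"id": "https://kv-batch.vault.azure.net/secrets/no-attrs"}
  ]
}
""")


def is_enabled_without_expiry(secret):
    """True when attributes.enabled is true and attributes.expires is null/empty."""
    attrs = secret.get("attributes") or {}
    # Only an explicit enabled=true counts; a record with no attributes is skipped.
    enabled = attrs.get("enabled") is True
    expires = attrs.get("expires")
    no_expiry = expires is None or str(expires).strip() == ""
    return enabled and no_expiry


def find_non_expiring_secrets(vaults):
    """Return one finding per enabled secret that lacks an expiration date."""
    findings = []
    for vault_name, secrets in vaults.items():
        for secret in secrets:
            if is_enabled_without_expiry(secret):
                findings.append({"vault": vault_name, "secret": secret["id"]})
    return findings


if __name__ == "__main__":
    for finding in find_non_expiring_secrets(SAMPLE):
        print(f"{finding['vault']}: {finding['secret']} is enabled with no expiration date")
```

The disabled secret and the secret with an expiration date are not reported, matching the two conditions in the detection strategy.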