Description

The secrets stored in Azure Key Vault do not set an expiration date.

Impact

Increase the chances of compromising sensitive secrets of the system.

Recommendation

Define an expiration date for Azure secrets by setting the expiration_date property.

Threat

Authenticated attacker from the Internet.

Expected Remediation Time

⏱️ 60 minutes.

Details

https://docs.bridgecrew.io/docs/set-an-expiration-date-on-all-secrets

Requirements

Fixes