Keys are about to expire and need rotation
More Info:
In Microsoft Azure Key Vault, check for any keys that are about to expire and rotate them by creating a new version of these keys.Risk Level
MediumAddress
Operational Maturity, SecurityCompliance Standards
GDPR, ISO27001, HITRUST, SOC2, NISTCSF, PCIDSSTriage and Remediation
Remediation
Using Console
Using Console
To remediate the issue of keys about to expire and need rotation in Azure using the Azure console, you can follow the below steps:
- Login to the Azure portal using your credentials.
- Navigate to the resource group where the key is stored.
- Select the key that needs to be rotated.
- Click on the “Rotate” button at the top of the page.
- Follow the on-screen instructions to complete the key rotation process.
- Once the key rotation process is complete, update the application or service that uses the key with the new key.
Using CLI
Using CLI
To remediate the misconfiguration of expiring keys in Azure using Azure CLI, follow the below steps:
- Open the Azure CLI in your terminal or command prompt.
- Log in to your Azure account using the command “az login”.
- Once you are logged in, run the command “az account list” to see the list of all your Azure subscriptions.
- Select the subscription that has the expiring keys using the command
az account set --subscription <subscription_id>. - Check the current status of the keys using the command
az ad sp credential list --id <service_principal_id>. - Create a new key using the command
az ad sp credential reset --name <service_principal_id>. - The above command will return a JSON object that contains the new key. Copy the value of the “value” field.
- Update the key value in your application or service that is using the service principal.
- Verify that the new key is working by running a test on your application or service.
Using Python
Using Python
To remediate the issue of key expiration and rotation for Azure using Python, you can follow the below steps:Replace the placeholders in the code with the appropriate values for your Azure subscription, resource group, and storage account.These steps will help you remediate the issue of key expiration and rotation for Azure using Python.
- Install the Azure SDK for Python using the following command:
- Authenticate with Azure using Azure Active Directory credentials. You can use the following code snippet to authenticate:
- Retrieve the list of expired keys using the following code snippet:
- Rotate the expired keys using the following code snippet: