To remediate the KMS Encryption Keys rotation issue in GCP using GCP CLI, you can follow the below steps:

1. Open the Google Cloud Console and select the project in which you want to remediate the issue.

2. Open the Cloud Shell by clicking on the icon located at the top right corner of the console.

3. Run the following command to list all the KMS encryption keys in your project:

gcloud kms keys list

4. Identify the key that needs to be rotated.

5. Run the following command to rotate the key:

gcloud kms keys rotate [KEY_NAME] --location [LOCATION] --keyring [KEYRING_NAME]

Replace [KEY_NAME], [LOCATION], and [KEYRING_NAME] with the actual values of the key that needs to be rotated.

6. Confirm the rotation by running the following command:

gcloud kms keys describe [KEY_NAME] --location [LOCATION] --keyring [KEYRING_NAME]

This command will display the details of the key, including the rotation period.

7. Repeat steps 5 and 6 for all the KMS encryption keys that need to be rotated.

By following these steps, you will be able to remediate the KMS Encryption Keys rotation issue in GCP using GCP CLI.

To remediate this issue in GCP using Python, you can follow these steps:

1. Install the necessary libraries:

pip install google-cloud-kms google-auth

2. Authenticate with the GCP project:

from google.oauth2 import service_account

credentials = service_account.Credentials.from_service_account_file('path/to/service_account.json')

3. Retrieve the list of KMS keys in the project:

from google.cloud import kms_v1

client = kms_v1.KeyManagementServiceClient(credentials=credentials)
parent = client.key_ring_path(project_id, location_id, key_ring_id)

keys = client.list_crypto_keys(parent)

4. For each key, check the creation time and determine if it needs to be rotated:

from datetime import datetime, timedelta

for key in keys:
    create_time = datetime.strptime(key.create_time.strftime('%Y-%m-%d %H:%M:%S.%f'), '%Y-%m-%d %H:%M:%S.%f')
    if datetime.now() - create_time > timedelta(days=365):
        # Key needs to be rotated
        # Generate a new key version
        response = client.create_crypto_key_version(key.name)

5. Finally, delete the old key versions:

for key in keys:
    versions = client.list_crypto_key_versions(key.name)
    for version in versions:
        create_time = datetime.strptime(version.create_time.strftime('%Y-%m-%d %H:%M:%S.%f'), '%Y-%m-%d %H:%M:%S.%f')
        if datetime.now() - create_time > timedelta(days=365):
            # Delete the key version
            client.destroy_crypto_key_version(version.name)

Note: Replace project_id, location_id, and key_ring_id with the appropriate values for your GCP project. Also, make sure that the service account used for authentication has the necessary permissions to manage KMS keys.