| Plugin Title | Key Expiration Enabled |
| Cloud | AZURE |
| Category | Key Vaults |
| Description | Ensure that all Keys in Azure Key Vault have an expiry time set. |
| More Info | Setting an expiry time on all keys forces key rotation and removes unused and forgotten keys from being used. |
| AZURE Link | https://docs.microsoft.com/en-us/azure/key-vault/about-keys-secrets-and-certificates |
| Recommended Action | Ensure each Key Vault has an expiry time set that provides for sufficient rotation. |
- Log into the Microsoft Azure Management Console.
- In the search bar at the top search for Vaults and select "Key Vaults" from the search result.
- In the Key Vaults page select a key vault by clicking on the "Name" link to access the configuration changes.
- Scroll down and click "Keys" from the navigation pane on the left. Then, from the list of keys, select key with no expiration date under "Expiration date" column.
- In the key versions pane that opens, click "Rotation Policy" button at the top.
- In the Rotation policy pane, click on the Expiry time textbox and enter 28. From the units dropdown next to the textbox, select "days".
- Under the Rotation section, "Enable auto rotation" by selecting the "Enabled" radio button.
- Select "Automatically renew at a given time after creation" for "Rotation option".
- For "Rotation time" enter 18 and select "days" as the unit of time.
- Finally, hit "Save" at the top of the pane to complete the changes.
- Repeat step number 3 - 10 for all other key vaults and keys without expiration date.
