Skip to content

Secret Last Rotation Is Longer Than 90 Days

Eco-system support

  • AWS Secrets Manager

  • Azure Key Vault

  • GCP Secrets Manager

  • GitHub Action Secrets

  • Akeyless Vault

Description

Regularly rotating privileged secrets is crucial for protecting your business from malicious attacks. Without rotation, a malicious individual could gain access and use it to cause significant damage. Rotation makes unauthorized access much harder, keeping your organization secure.

Risk triggers

  • Secrets stored in vaults with an age older than 90 days (by default)

  • Age thresholds can be configured according to the policies of your organization

Mitigation

Secret Should Be Rotated and Updated in the Vault

Secrets should be constantly rotated to avoid a potential leak, misuse, and lack of compliance.

  • Inform the secret owner that his secret should be rotated.

  • Once the secret has been revoked and recreated, place it again in the vault in the same location and name so it can be used by the same workloads.