Secret Last Rotation Is Longer Than 90 Days
Eco-system support
-
AWS Secrets Manager
-
Azure Key Vault
-
GCP Secrets Manager
-
GitHub Action Secrets
-
Akeyless Vault
Description
Regularly rotating privileged secrets is crucial for protecting your business from malicious attacks. Without rotation, a malicious individual could gain access and use it to cause significant damage. Rotation makes unauthorized access much harder, keeping your organization secure.
Risk triggers
-
Secrets stored in vaults with an age older than 90 days (by default)
-
Age thresholds can be configured according to the policies of your organization
Mitigation
Secret Should Be Rotated and Updated in the Vault
Secrets should be constantly rotated to avoid a potential leak, misuse, and lack of compliance.
-
Inform the secret owner that his secret should be rotated.
-
Once the secret has been revoked and recreated, place it again in the vault in the same location and name so it can be used by the same workloads.