Token Last Rotation Is Longer Than 90 Days
Eco-system support
-
AWS Secrets Manager
-
Azure Key Vault
-
GCP Secrets Manager
-
GitHub Personal Access Token
-
AWS IAM Access Token
-
Okta application secret
Description
Regularly rotating privileged secrets is crucial for protecting your business from malicious attacks. Without rotation, a malicious individual could gain access and use it to cause significant damage. Rotation makes unauthorized access much harder, keeping your organization secure.
Risk triggers
-
AWS IAM, or GitHub PAT tokens with an age older than 90 days (by default)
-
Age thresholds can be configured according to the policies of your organization
Mitigation
Tokens Should Be Revoked and Re-Created
Tokens should be constantly rotated to avoid a potential leak, misuse, and lack of compliance.
-
Inform the token owner that his token should be rotated.
-
Replace the token in all previous locations it was stored in once it has been revoked and recreated.