Skip to content

Token Last Rotation Is Longer Than 90 Days

Eco-system support

  • AWS Secrets Manager

  • Azure Key Vault

  • GCP Secrets Manager

  • GitHub Personal Access Token

  • AWS IAM Access Token

  • Okta application secret

Description

Regularly rotating privileged secrets is crucial for protecting your business from malicious attacks. Without rotation, a malicious individual could gain access and use it to cause significant damage. Rotation makes unauthorized access much harder, keeping your organization secure.

Risk triggers

  • AWS IAM, or GitHub PAT tokens with an age older than 90 days (by default)

  • Age thresholds can be configured according to the policies of your organization

Mitigation

Tokens Should Be Revoked and Re-Created

Tokens should be constantly rotated to avoid a potential leak, misuse, and lack of compliance.

  • Inform the token owner that his token should be rotated.

  • Replace the token in all previous locations it was stored in once it has been revoked and recreated.