Ensure that the Expiration Date is set for all Keys in Non-RBAC Key Vaults

Why This Matters

Encryption keys in Azure Key Vault that lack expiration dates can remain active indefinitely, increasing the risk of key compromise and unauthorized access to protected data. Setting expiration dates enforces a key rotation policy, ensuring keys are retired after their intended lifecycle. Without this control, old or forgotten keys may still be used for encryption, wrapping, or signing operations, violating security best practices.

What Aether365 Checks

Aether365 verifies that every key in a non-RBAC Azure Key Vault has an expiration date configured. This check appears in the Aether365 dashboard under the azure-azure-keyvault checks category.
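The same condition can be audited by hand. The following is an added example, not Aether365's own code: it assumes an inventory built from JSON in the shape that `az keyvault show` and `az keyvault key list` return, and the vault and key names in it are constructed.

```python
import json

# Constructed sample inventory. Each entry pairs a vault (shaped like
# `az keyvault show` output) with its keys (shaped like `az keyvault key list`).
SAMPLE = json.loads("""
[
  {"vault": {"name": "kv-legacy-example",
             "properties": {"enableRbacAuthorization": false}},
   "keys": [
     {"kid": "https://kv-legacy-example.vault.azure.net/keys/app-wrap",
      "attributes": {"enabled": true, "expires": null}},
     {"kid": "https://kv-legacy-example.vault.azure.net/keys/app-sign",
      "attributes": {"enabled": true, "expires": "2026-01-31T00:00:00+00:00"}},
     {"kid": "https://kv-legacy-example.vault.azure.net/keys/old-disabled",
      "attributes": {"enabled": false}}
   ]},
  {"vault": {"name": "kv-rbac-example",
             "properties": {"enableRbacAuthorization": true}},
   "keys": [
     {"kid": "https://kv-rbac-example.vault.azure.net/keys/data-key",
      "attributes": {"enabled": true, "expires": null}}
   ]}
]
""")


def is_non_rbac(vault):
    """A vault uses access policies when enableRbacAuthorization is false or unset."""
    return not (vault.get("properties") or {}).get("enableRbacAuthorization")


def keys_without_expiry(inventory):
    """Return (vault name, key id) for each key in a non-RBAC vault with no expiry."""
    findings = []
    for entry in inventory:
        if not is_non_rbac(entry["vault"]):
            continue  # RBAC vaults are outside the scope of this check
        for key in entry.get("keys", []):
            # A missing or null `expires` means no expiration date is set.
            # Disabled keys are reported too: the check covers every key.
            if not (key.get("attributes") or {}).get("expires"):
                findings.append((entry["vault"]["name"], key["kid"]))
    return findings


if __name__ == "__main__":
    for vault_name, kid in keys_without_expiry(SAMPLE):
        print(f"FAIL {vault_name}: {kid} has no expiration date")
```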

Microsoft references
