Control: Azure > Key Vault > Key > Expiration

Define the expiration setting required for Azure > Key Vault > Key.

Enabling key expiration ensures compliance with security policies by validating that all keys are configured to expire, thereby preventing unauthorized, prolonged use of outdated or potentially compromised keys.

Resource Types

This control targets the following resource types:

Azure > Key Vault > Key

Policies

The following policies can be used to configure this control:

Azure > Key Vault > Key > Expiration

This control type relies on these other policies when running actions:

Azure > Key Vault > Key > Expiration > Days [Default]

Permissions

Cloud permissions used by this control and its actions:

microsoft.keyvault/vaults/keys/update/action

In Your Workspace

Developers

Control Type URI

tmod:@turbot/azure-keyvault#/control/types/keyExpiration

Category URI

tmod:@turbot/turbot#/control/categories/security

GraphQL

query controlType(id: "tmod:@turbot/azure-keyvault#/control/types/keyExpiration") { … }

query controls(filter: "controlTypeId:'tmod:@turbot/azure-keyvault#/control/types/keyExpiration'") { … }

CLI

Get Controls

turbot graphql controls --filter "controlTypeId:tmod:@turbot/azure-keyvault#/control/types/keyExpiration"