Policy: Azure > CIS v4.0 > 10 - Storage Services > 10.03 - Storage Accounts > 10.03.01 - Secrets and Keys

This subsection covers security recommendations for managing storage account access keys and secrets. These recommendations focus on enabling key rotation reminders, periodically regenerating access keys, and disabling shared key access in favor of Azure AD authentication.

Primary Policy

This policy is used with the following primary policy:

Azure > CIS v4.0 > 10 - Storage Services > 10.03 - Storage Accounts

Policy Specification

Schema Type	`string`
Default	`Per Azure > CIS v4.0 > 10 - Storage Services > 10.03 - Storage Accounts`
Valid Values [YAML]	`Per Azure > CIS v4.0 > 10 - Storage Services > 10.03 - Storage Accounts` `Skip` `Check: All CIS Benchmarks except attestations` `Check: All CIS Benchmarks`

Schema Type

string

Default

Per Azure > CIS v4.0 > 10 - Storage Services > 10.03 - Storage Accounts

Valid Values [YAML]

Per Azure > CIS v4.0 > 10 - Storage Services > 10.03 - Storage Accounts

Skip

Check: All CIS Benchmarks except attestations

Check: All CIS Benchmarks

In Your Workspace

Policy Settings by Type report

Developers

Category URI

tmod:@turbot/cis#/control/categories/cis

Policy Type URI

tmod:@turbot/azure-cisv4-0#/policy/types/s100301

GraphQL

query policyType(id: "tmod:@turbot/azure-cisv4-0#/policy/types/s100301") { … }

query policySettings(filter: "policyTypeId:'tmod:@turbot/azure-cisv4-0#/policy/types/s100301'") { … }

query policyValues(filter: "policyTypeId:'tmod:@turbot/azure-cisv4-0#/policy/types/s100301'") { … }

CLI

Get Policy Type

turbot graphql policy-type --id "tmod:@turbot/azure-cisv4-0#/policy/types/s100301"

Get Policy Settings

turbot graphql policy-settings --filter "policyTypeId:tmod:@turbot/azure-cisv4-0#/policy/types/s100301"

Policy: Azure > CIS v4.0 > 10 - Storage Services > 10.03 - Storage Accounts > 10.03.01 - Secrets and Keys

Primary Policy

Related Policies

Policy Specification

Category

In Your Workspace

Developers