CCSS (Common Configuration Scoring System) is a set of measures used to determine the severity of the rule.
Each rule is associated with a high-level category, for example IAM, Container, Monitoring, Logging, or Network.
Failure to enable automatic key rotation in Azure Key Vault may result in the prolonged use of potentially compromised keys, increasing the risk of unauthorized data access. Automatic rotation helps maintain key freshness and reduces the window of opportunity for attackers to exploit static keys.
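Set the `rotation_policy.automatic` attribute in the `azurerm_key_vault_key` resource. The `automatic` block carries the rotation trigger (`time_before_expiry` in the example below).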
# Looks up an existing resource group by name; the vault below reuses its
# location and name instead of hard-coding them.
data "azurerm_resource_group" "snyk" {
  name = "Snyk-phase4"
}
# Identity Terraform is running as. Its tenant_id and object_id are used in the
# vault's access policy below, so whoever applies this configuration is the
# principal that receives the key and secret permissions.
data "azurerm_client_config" "current" {}
# Key Vault that holds the rotated key defined below.
resource "azurerm_key_vault" "snyk-vault" {
  name                = "snyk00791-policy"
  location            = data.azurerm_resource_group.snyk.location
  resource_group_name = data.azurerm_resource_group.snyk.name
  tenant_id           = data.azurerm_client_config.current.tenant_id
  sku_name            = "premium"

  # 7 days is the shortest soft-delete retention the provider accepts.
  # NOTE(review): purge_protection_enabled is not set in this example, so a
  # soft-deleted key can still be purged permanently within that window.
  # For vaults protecting production data, consider a longer retention and
  # enabling purge protection; rotation does not help if the key is destroyed.
  soft_delete_retention_days = 7

  # Grants the applying principal (see azurerm_client_config.current) access.
  access_policy {
    tenant_id = data.azurerm_client_config.current.tenant_id
    object_id = data.azurerm_client_config.current.object_id

    # GetRotationPolicy / SetRotationPolicy let this principal read and write
    # the rotation_policy configured on the key below.
    # NOTE(review): "Delete" and "Purge" together allow irreversible key
    # destruction; scope them to the identities that really need them.
    key_permissions = [
      "Create",
      "Delete",
      "Get",
      "Purge",
      "Recover",
      "Update",
      "GetRotationPolicy",
      "SetRotationPolicy"
    ]

    secret_permissions = [
      "Set",
    ]
  }
}
# Compliant example for this rule: the key declares rotation_policy.automatic,
# so Key Vault creates new key versions on a schedule instead of the key
# staying static.
resource "azurerm_key_vault_key" "allowed" {
  name         = "keyvault-snyk00791"
  key_vault_id = azurerm_key_vault.snyk-vault.id

  # NOTE(review): "RSA" is a software-protected key even though the vault SKU
  # is "premium"; confirm whether an HSM-backed key type is intended.
  key_type = "RSA"
  key_size = 2048

  # NOTE(review): this key is enabled for encryption, signing and key wrapping
  # at once. Outside of a demo, prefer one key per purpose and list only the
  # operations that purpose needs.
  key_opts = [
    "decrypt",
    "encrypt",
    "sign",
    "unwrapKey",
    "verify",
    "wrapKey",
  ]

  # Durations are ISO 8601 (P30D = 30 days).
  rotation_policy {
    # The attribute this rule checks: rotate automatically 30 days before the
    # current key version expires.
    automatic {
      time_before_expiry = "P30D"
    }

    # Each key version expires 90 days after it is created.
    expire_after = "P90D"
    # Raise the near-expiry notification 29 days before a version expires.
    notify_before_expiry = "P29D"
  }
}