Ensure secrets have content type set for Azure Key Vault Secret

MEDIUM

Description

Without a content type set, it is difficult to tell what type of secret an Azure Key Vault secret holds.

Remediation

In Azure Console -

  1. Open the Azure Portal and go to Key Vaults.
  2. Choose the key vault you wish to edit.
  3. Under Objects, select Secrets.
  4. Select the secret you wish to update.
  5. Add a value for Content type and select Save.

In Terraform -

  1. In the azurerm_key_vault_secret resource, set the content_type field as needed.
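
The Terraform change described above, shown as a non-compliant resource beside a compliant one. This is an added example, not configuration from the policy source; the resource labels, secret names, variables and the "text/plain" value are assumptions chosen for illustration.

```hcl
# Added example. All names and values below are hypothetical.

variable "key_vault_id" {
  type        = string
  description = "Resource ID of an existing Key Vault (assumed to exist)"
}

variable "db_password" {
  type      = string
  sensitive = true
}

# Non-compliant: content_type is omitted, so nothing on the secret
# records what kind of value it holds.
resource "azurerm_key_vault_secret" "db_password_untyped" {
  name         = "db-password-untyped"
  value        = var.db_password
  key_vault_id = var.key_vault_id
}

# Compliant: content_type is set. It is an optional string on the
# resource; pick a convention and apply it to every secret in the vault.
resource "azurerm_key_vault_secret" "db_password" {
  name         = "db-password"
  value        = var.db_password
  key_vault_id = var.key_vault_id
  content_type = "text/plain"
}
```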

References:
https://learn.microsoft.com/en-us/azure/key-vault/general/overview
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret#content_type

Policy Details

Rule Reference ID: AC_AZURE_0162
CSP: Azure
Remediation Available: Yes
Resource Category: Management
Resource Type: Key Vault

Frameworks