Ensure that RSA keys have the specified minimum key size for Azure Key Vault Certificate

HIGH

Description

Azure Key Vault certificates backed by an RSA key shorter than the specified minimum (2048 bits) depend on a key that is within reach of factoring attacks. An attacker who recovers the private key can decrypt traffic protected by the certificate or impersonate its holder, which may lead to data leakage.

Remediation

The key size of an existing certificate version cannot be changed after it is created. To move to a stronger key, create a new certificate (or a new version of the existing one) with a compliant key size and re-point consumers to it, following the steps below.

In Azure Console -

  1. Open the Azure Portal and go to Key Vaults.
  2. Choose the Key vault you wish to edit.
  3. Under Objects, select Certificates.
  4. Generate or upload a new certificate with the appropriate key size.

In Terraform -

  1. In the azurerm_key_vault_certificate resource, create certificates whose certificate_policy block sets key_properties.key_type to RSA (or RSA-HSM) and key_properties.key_size to 2048 or greater.
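
As an added illustration (not code from the original page), the following Terraform shows the same self-signed certificate twice: once with a key_size that this rule flags and once in the compliant form. The key vault reference (azurerm_key_vault.example), the certificate names, the subject and the validity period are placeholders and not from the page.

```hcl
# Added example, not part of the original policy text.
# azurerm_key_vault.example is assumed to be defined elsewhere in the configuration.

# NON-COMPLIANT: flagged by AC_AZURE_0166 because the RSA key is shorter than 2048 bits.
resource "azurerm_key_vault_certificate" "weak" {
  name         = "weak-tls-cert"
  key_vault_id = azurerm_key_vault.example.id

  certificate_policy {
    issuer_parameters {
      name = "Self"
    }

    key_properties {
      exportable = false
      key_type   = "RSA"
      key_size   = 1024 # below the 2048-bit minimum
      reuse_key  = false
    }

    secret_properties {
      content_type = "application/x-pkcs12"
    }

    x509_certificate_properties {
      subject            = "CN=app.example.internal"
      validity_in_months = 12
      key_usage          = ["digitalSignature", "keyEncipherment"]
    }
  }
}

# COMPLIANT: RSA key of at least 2048 bits (3072 chosen here), with auto-renewal
# so the next version is issued under the same compliant policy.
resource "azurerm_key_vault_certificate" "strong" {
  name         = "strong-tls-cert"
  key_vault_id = azurerm_key_vault.example.id

  certificate_policy {
    issuer_parameters {
      name = "Self"
    }

    key_properties {
      exportable = false
      key_type   = "RSA"
      key_size   = 3072 # meets the minimum; 2048 or 4096 are also acceptable
      reuse_key  = false # generate a fresh key on every renewal
    }

    lifetime_action {
      action {
        action_type = "AutoRenew"
      }
      trigger {
        days_before_expiry = 30
      }
    }

    secret_properties {
      content_type = "application/x-pkcs12"
    }

    x509_certificate_properties {
      subject            = "CN=app.example.internal"
      validity_in_months = 12
      key_usage          = ["digitalSignature", "keyEncipherment"]
    }
  }
}
```

The azurerm provider documentation linked below lists 2048, 3072 and 4096 as the RSA key sizes for this attribute, so the weak variant is included only to make the flagged attribute concrete; in practice the fix is to set key_size to one of those values and let the next certificate version be issued under the updated policy.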

References:
https://learn.microsoft.com/en-us/azure/key-vault/general/overview
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_certificate#key_properties

Policy Details

Rule Reference ID: AC_AZURE_0166
CSP: Azure
Remediation Available: Yes
Resource Category: Management
Resource Type: Key Vault

Frameworks