Ensure key size is set on all keys for Azure Key Vault Key

MEDIUM

Description

The Azure Key Vault key does not have a key size set. Setting a key size on every key ensures key security is maintained.

Remediation

A key's size cannot be altered once the key is created. To create a new key with a more secure key size, follow the steps below.

In Azure Console -

  1. Open the Azure Portal and go to Key Vaults.
  2. Choose the Key vault you wish to edit.
  3. Under Objects, select Keys.
  4. Generate or upload a new key with the appropriate key size.

In Terraform -

  1. In the azurerm_key_vault_key resource, create keys with a key_size of 2048 or greater.
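
One way to apply this rule before deployment, as an added example that is not part of the original policy page or of Terraform itself: the Python check below reads the JSON produced by `terraform show -json` for a saved plan and reports every azurerm_key_vault_key whose key_size is unset or below 2048. The sample plan is constructed, and the function and constant names are assumptions of this example.

```python
import json

MIN_KEY_SIZE = 2048  # threshold taken from the Terraform remediation step above


def iter_resources(module):
    """Yield every resource in a plan module, descending into child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def find_weak_keys(plan):
    """Return (address, reason) for each azurerm_key_vault_key failing the rule.

    The rule is applied as the page words it: to every key, whatever its key_type.
    """
    root = plan.get("planned_values", {}).get("root_module", {})
    findings = []
    for res in iter_resources(root):
        if res.get("type") != "azurerm_key_vault_key":
            continue
        size = (res.get("values") or {}).get("key_size")
        if size is None:
            findings.append((res["address"], "key_size not set"))
        elif size < MIN_KEY_SIZE:
            findings.append((res["address"], f"key_size {size} < {MIN_KEY_SIZE}"))
    return findings


# Constructed sample plan, trimmed to the fields the check reads.
SAMPLE_PLAN = json.loads("""
{"planned_values": {"root_module": {
  "resources": [
    {"address": "azurerm_key_vault_key.ok", "type": "azurerm_key_vault_key",
     "values": {"name": "ok", "key_type": "RSA", "key_size": 4096}},
    {"address": "azurerm_key_vault_key.unset", "type": "azurerm_key_vault_key",
     "values": {"name": "unset", "key_type": "RSA", "key_size": null}},
    {"address": "azurerm_key_vault.main", "type": "azurerm_key_vault",
     "values": {"name": "kv"}}],
  "child_modules": [{"address": "module.app", "resources": [
    {"address": "module.app.azurerm_key_vault_key.small",
     "type": "azurerm_key_vault_key",
     "values": {"name": "small", "key_type": "RSA", "key_size": 1024}}]}]
}}}
""")

if __name__ == "__main__":
    for address, reason in find_weak_keys(SAMPLE_PLAN):
        print(f"FAIL {address}: {reason}")
```

Because key sizes cannot be changed after creation, running a check like this against the plan catches the problem before the key exists.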

References:
https://learn.microsoft.com/en-us/azure/key-vault/general/overview
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_key#key_size

Policy Details

Rule Reference ID: AC_AZURE_0251
CSP: Azure
Remediation Available: Yes
Resource Category: Management
Resource Type: Key Vault

Frameworks