AzPolicyAdvertizer

last sync: 2025-Jul-25 17:39:48 UTC

Keys should have more than the specified number of days before expiration

Azure BuiltIn Policy definition

Source Azure Portal
Display name Keys should have more than the specified number of days before expiration
Id 5ff38825-c5d8-47c5-b70e-069a21955146
Version 1.0.1
Details on versioning
Versioning Versions supported for Versioning: 1
1.0.1
Built-in Versioning [Preview]
Category Key Vault
Microsoft Learn
Description If a key is too close to expiration, an organizational delay to rotate the key may result in an outage. Keys should be rotated at a specified number of days prior to expiration to provide sufficient time to react to a failure.
Cloud environments AzureCloud = true
AzureUSGovernment = true
AzureChinaCloud = unknown
Available in AzUSGov The Policy is available in AzureUSGovernment cloud. Version: '1.0.1'
Repository: Azure-Policy 5ff38825-c5d8-47c5-b70e-069a21955146
Mode Microsoft.KeyVault.Data
Type BuiltIn
Preview False
Deprecated False
Effect Default
Audit
Allowed
Audit, Deny, Disabled
RBAC role(s) none
Rule aliases none
Rule resource types none
Compliance Not a Compliance control
Initiatives usage
Rows: 1-1 / 1
Records:
Use the filters above each column to filter and limit table data. Advanced searches can be performed by using the following operators:
<, <=, >, >=, =, *, !, {, }, ||,&&, [empty], [nonempty], rgx:
Learn more

TableFilter v0.7.3

https://www.tablefilter.com/
©2015-2025 Max Guglielmi
?
Page of 1
Initiative DisplayName Initiative Id Initiative Category State Type polSet in AzUSGov
Enforce recommended guardrails for Azure Key Vault Enforce-Guardrails-KeyVault Key Vault GA ALZ
History
Date/Time (UTC ymd) (i) Change type Change detail
2021-08-30 14:27:30 change Patch, old suffix: preview (1.0.0-preview > 1.0.1)
2020-10-16 12:27:50 add 5ff38825-c5d8-47c5-b70e-069a21955146
JSON compare
compare mode: version left: version right:
1.0.0-preview → 1.0.1 RENAMED
@@ -1,13 +1,12 @@
1
  {
2
- "displayName": "[Preview]: Keys should have more than the specified number of days before expiration",
3
  "policyType": "BuiltIn",
4
  "mode": "Microsoft.KeyVault.Data",
5
  "description": "If a key is too close to expiration, an organizational delay to rotate the key may result in an outage. Keys should be rotated at a specified number of days prior to expiration to provide sufficient time to react to a failure.",
6
  "metadata": {
7
- "version": "1.0.0-preview",
8
- "category": "Key Vault",
9
- "preview": true
10
  },
11
  "parameters": {
12
  "minimumDaysBeforeExpiration": {
13
  "type": "Integer",
 
1
  {
2
+ "displayName": "Keys should have more than the specified number of days before expiration",
3
  "policyType": "BuiltIn",
4
  "mode": "Microsoft.KeyVault.Data",
5
  "description": "If a key is too close to expiration, an organizational delay to rotate the key may result in an outage. Keys should be rotated at a specified number of days prior to expiration to provide sufficient time to react to a failure.",
6
  "metadata": {
7
+ "version": "1.0.1",
8
+ "category": "Key Vault"
 
9
  },
10
  "parameters": {
11
  "minimumDaysBeforeExpiration": {
12
  "type": "Integer",
JSON
api-version=2021-06-01
EPAC 
{7 items
  • displayName: "Keys should have more than the specified number of days before expiration",
  • policyType: "BuiltIn",
  • mode: "Microsoft.KeyVault.Data",
  • description: "If a key is too close to expiration, an organizational delay to rotate the key may result in an outage. Keys should be rotated at a specified number of days prior to expiration to provide sufficient time to react to a failure.",
  • metadata: {2 items
    • version: "1.0.1",
    • category: "Key Vault"
    },
  • parameters: {2 items},
  • policyRule: {2 items
    • if: {1 item
      • allOf: [3 items
        • {2 items
          • field: "type",
          • equals: "Microsoft.KeyVault.Data/vaults/keys"
          },
        • {2 items
          • field: "Microsoft.KeyVault.Data/vaults/keys/attributes.expiresOn",
          • exists: true
          },
        • {2 items
          • field: "Microsoft.KeyVault.Data/vaults/keys/attributes.expiresOn",
          • less: 🔍"[
    addDays(
        utcNow(),
        parameters('minimumDaysBeforeExpiration')
    )
]"
          }
        ]
      },
    • then: {1 item
      • effect: "[parameters('effect')]"
      }
    }
}