Best practices

Customer Managed Key (CMK) not rotated

Risk Level

Informational (4)

Platform(s)
  • N/A

Compliance Frameworks

Description

Oracle Cloud Infrastructure Vault securely stores master encryption keys that protect your encrypted data. You can use the Vault service to rotate keys to generate new cryptographic material. It was detected that vault {OciVault.Name} has a Customer Managed Key (CMK) that was not rotated in the last 365 days. Rotating keys annually limits the amount of data encrypted by one key version, and thereby reduces the risk in case a key is ever compromised.
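The 365-day check described above, as an added example that is not part of the original page or of any vendor tooling. The record layout (`key-id`, `time-created`, `lifecycle-state`), the key names, and the rule that only `ENABLED` versions count as a rotation are assumptions of this example, and the sample data is constructed.

```python
from datetime import datetime, timedelta, timezone

MAX_KEY_AGE = timedelta(days=365)  # rotation window stated in the finding

# Constructed sample data: one record per key version. Field names are an
# assumption modelled on OCI CLI JSON output, not taken from the page.
SAMPLE_KEY_VERSIONS = [
    {"key-id": "key-a", "time-created": "2022-01-10T00:00:00+00:00", "lifecycle-state": "ENABLED"},
    {"key-id": "key-a", "time-created": "2024-11-01T00:00:00+00:00", "lifecycle-state": "ENABLED"},
    {"key-id": "key-b", "time-created": "2023-05-30T00:00:00+00:00", "lifecycle-state": "ENABLED"},
    {"key-id": "key-c", "time-created": "2023-01-01T00:00:00+00:00", "lifecycle-state": "ENABLED"},
    {"key-id": "key-c", "time-created": "2025-03-01T00:00:00+00:00", "lifecycle-state": "PENDING_DELETION"},
    {"key-id": "key-d", "time-created": "2024-06-01T00:00:00+00:00", "lifecycle-state": "ENABLED"},
]


def newest_version_times(versions):
    """Return {key-id: creation time of its newest ENABLED key version}."""
    newest = {}
    for v in versions:
        # Assumption of this example: only ENABLED versions count as a rotation.
        if v["lifecycle-state"] != "ENABLED":
            continue
        created = datetime.fromisoformat(v["time-created"])
        if created.tzinfo is None:  # treat naive timestamps as UTC
            created = created.replace(tzinfo=timezone.utc)
        if v["key-id"] not in newest or created > newest[v["key-id"]]:
            newest[v["key-id"]] = created
    return newest


def stale_keys(versions, now, max_age=MAX_KEY_AGE):
    """List (key-id, age in days) for keys not rotated within max_age, oldest first."""
    findings = []
    for key_id, created in newest_version_times(versions).items():
        age = now - created
        if age > max_age:  # exactly 365 days old is still inside the window
            findings.append((key_id, age.days))
    return sorted(findings, key=lambda f: f[1], reverse=True)


if __name__ == "__main__":
    now = datetime(2025, 6, 1, tzinfo=timezone.utc)  # fixed for a repeatable run
    for key_id, days in stale_keys(SAMPLE_KEY_VERSIONS, now):
        print(f"{key_id}: newest enabled key version is {days} days old, rotate")
```
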
Recommended Mitigation

It is recommended to rotate the Customer Managed Key (CMK).