Authentication

User API keys are not rotated in the last 90 days

Risk Level

Informational (4)

Platform(s)

  • N/A

Compliance Frameworks

Description

API keys are used by administrators, developers, services and scripts for accessing OCI APIs directly or via SDKs/OCI CLI to search, create, update or delete OCI resources. It was detected that user {OciUser.Name} has an access key that was not rotated in the last 90 days. A user API key needs to be rotated every 90 days or less in order to decrease the likelihood of accidental exposures and protect your resources against unauthorized access.

  • Recommended Mitigation

    It is recommended to delete any user API key that was not rotated in the last 90 days.

Need help?

Get a free Security Risk Assessment. Start today

See Orca in action See Orca in action-> View a 10 minute recorded demo or sign up for a personalized one-on-one walk-through.