Authentication

User API keys are not rotated in the last 90 days

Risk Level

Informational (4)

Platform(s)
  • N/A

Compliance Frameworks

Description

API keys are used by administrators, developers, services and scripts for accessing OCI APIs directly or via SDKs/OCI CLI to search, create, update or delete OCI resources. It was detected that user {OciUser.Name} has an access key that was not rotated in the last 90 days. A user API key needs to be rotated every 90 days or less in order to decrease the likelihood of accidental exposures and protect your resources against unauthorized access.
  • Recommended Mitigation

    It is recommended to delete any user API key that was not rotated in the last 90 days.