CSMS Secrets Have Been Rotated Within the Specified Period
Rule Details
| Parameter | Description |
|---|---|
| Rule Name | csms-secrets-periodic-rotation |
| Identifier | csms-secrets-periodic-rotation |
| Description | If a CSMS secret has not been rotated within the specified period, this secret is noncompliant. |
| Tag | csms |
| Trigger Type | Periodic |
| Filter Type | csms.secrets |
| Configure Rule Parameters | maxRotationDays: maximum number of days that a secret is allowed to go without being rotated. The default value is 90. |
Applicable Scenario
Secret rotation lets you replace a secret periodically, so that even if the secret is leaked, unauthorized users can use it only during the period before it is next rotated. You are advised to configure a proper rotation interval for your secrets.
Solution
You can enable automatic secret rotation and configure a proper rotation policy and interval.
Rule Logic
- If the time elapsed since a CSMS secret was created is shorter than the specified period, the secret is compliant.
- If the time elapsed since a CSMS secret was created is longer than the specified period, and the secret has not been rotated within the specified period, the secret is noncompliant.
- If the time elapsed since a CSMS secret was created is longer than the specified period, and the secret has been rotated within the specified period, the secret is compliant.
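The three cases above can be checked offline against an exported secret inventory. The following is an added example, not code from the service or its documentation; the field names `name`, `create_time` and `last_rotation_time`, the sample inventory, and the handling of the exact boundary day are assumptions.

```python
from datetime import datetime, timedelta

def evaluate_secret(created, last_rotated, now, max_rotation_days=90):
    """Apply the three Rule Logic cases to one secret."""
    window = timedelta(days=max_rotation_days)
    # Case 1: the secret is younger than the period, so no rotation is due yet.
    if now - created < window:
        return "COMPLIANT"
    # Case 3: older than the period, but rotated inside the trailing window.
    # Counting a rotation exactly `window` ago as inside it is an assumption.
    if last_rotated is not None and now - last_rotated <= window:
        return "COMPLIANT"
    # Case 2: older than the period and never rotated, or rotated too long ago.
    return "NON_COMPLIANT"

def noncompliant_secrets(inventory, now, max_rotation_days=90):
    """Return the names of secrets that fail the rule, in inventory order."""
    failed = []
    for secret in inventory:
        created = datetime.fromisoformat(secret["create_time"])
        rotated = secret.get("last_rotation_time")  # absent if never rotated
        rotated = datetime.fromisoformat(rotated) if rotated else None
        verdict = evaluate_secret(created, rotated, now, max_rotation_days)
        if verdict == "NON_COMPLIANT":
            failed.append(secret["name"])
    return failed

# Constructed sample inventory; names and field names are hypothetical.
NOW = datetime.fromisoformat("2024-06-01T00:00:00+00:00")
INVENTORY = [
    {"name": "db-password-new", "create_time": "2024-04-15T00:00:00+00:00"},
    {"name": "api-key-stale", "create_time": "2023-01-10T00:00:00+00:00",
     "last_rotation_time": "2023-11-01T00:00:00+00:00"},
    {"name": "api-key-fresh", "create_time": "2023-01-10T00:00:00+00:00",
     "last_rotation_time": "2024-05-01T00:00:00+00:00"},
    {"name": "legacy-token", "create_time": "2022-06-01T00:00:00+00:00"},
]

if __name__ == "__main__":
    print(noncompliant_secrets(INVENTORY, NOW))
```

Lowering `max_rotation_days` shows which secrets a stricter policy would flag before the rule parameter is changed.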