A KMS key is not configured to auto-rotate.
| Property | |
|---|---|
| Language | |
| Severity | |
| Service | kms |
| Provider | AWS |
| Vulnerability Type | omission |
Description
KMS keys are not configured with automatic rotation, resulting in cryptographic keys being used for extended periods without change. This increases the risk associated with key compromise due to prolonged exposure.
Impact
If a long-lived KMS key is compromised, an attacker could decrypt sensitive data or perform unauthorized actions for as long as the key remains active. Failure to rotate keys regularly increases the attack surface and the window of opportunity for misuse.
Resolution
Configure the KMS key to rotate automatically.
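One way to catch this omission before deployment, as an added example that is not part of the original rule or of any scanner's own code: the script walks the JSON form of a Terraform plan (`terraform show -json`) and reports `aws_kms_key` resources whose `enable_key_rotation` is not `true`. The use of Terraform, the sample plan and all function names are assumptions made for illustration; asymmetric and HMAC keys are skipped because KMS only rotates symmetric encryption keys automatically.

```python
import json

# Constructed sample shaped like `terraform show -json` output (not from a real plan).
SAMPLE_PLAN = json.loads("""
{"planned_values": {"root_module": {
  "resources": [
    {"address": "aws_kms_key.logs", "type": "aws_kms_key", "values": {"enable_key_rotation": false}},
    {"address": "aws_kms_key.data", "type": "aws_kms_key",
     "values": {"enable_key_rotation": true, "key_usage": "ENCRYPT_DECRYPT"}},
    {"address": "aws_kms_key.signing", "type": "aws_kms_key",
     "values": {"key_usage": "SIGN_VERIFY", "customer_master_key_spec": "RSA_2048"}}
  ],
  "child_modules": [{"resources": [
    {"address": "module.db.aws_kms_key.rds", "type": "aws_kms_key", "values": {"enable_key_rotation": null}}
  ]}]
}}}
""")


def iter_resources(module):
    """Yield every resource in a module and, recursively, in its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def supports_auto_rotation(values):
    """Only symmetric encryption keys can be rotated automatically by KMS."""
    usage = values.get("key_usage") or "ENCRYPT_DECRYPT"
    spec = values.get("customer_master_key_spec") or "SYMMETRIC_DEFAULT"
    return usage == "ENCRYPT_DECRYPT" and spec == "SYMMETRIC_DEFAULT"


def keys_without_rotation(plan):
    """Return addresses of aws_kms_key resources that omit or disable rotation."""
    root = plan.get("planned_values", {}).get("root_module", {})
    findings = []
    for res in iter_resources(root):
        values = res.get("values") or {}
        if res.get("type") != "aws_kms_key" or res.get("mode") == "data":
            continue  # not a managed KMS key resource
        if supports_auto_rotation(values) and values.get("enable_key_rotation") is not True:
            findings.append(res["address"])
    return sorted(findings)


if __name__ == "__main__":
    for address in keys_without_rotation(SAMPLE_PLAN):
        print(f"{address}: enable_key_rotation is not true")
```

A missing or `null` `enable_key_rotation` is reported the same as an explicit `false`, since the rule is about the setting being omitted.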