Remediation
From Google Cloud Consoleβ
- Go to
Cryptographic Keysby visiting: https://console.cloud.google.com/security/kms. - Click the specific key ring.
- From the list of keys, select the key and click the More actions menu (three dots).
- Click on
Edit rotation period. - In the dialog, select a new rotation period in days that is less than 90, then choose the
Starting ondate.
From Google Cloud CLIβ
-
Update and schedule rotation by
ROTATION_PERIODandNEXT_ROTATION_TIMEfor each key:gcloud kms keys update new \
--keyring={{key-ring}} \
--location=LOCATION \
--next-rotation-time={{next-rotation-time}} \
--rotation-period={{rotation-period}}