Automatic Key Management

Configuring security keys to expire after a period of inactivity prevents the buildup of stale credentials. Employees and automated systems frequently generate keys that are eventually forgotten as roles change or projects end. Without automated expiration, these dormant keys provide effectively permanent access. An attacker who discovers one of these forgotten keys can use that access without appearing suspicious or triggering intrusion detection systems, because the key is still a valid credential.

Automated expiration directly supports compliance with rigorous industry standards, which require regular rotation and verification of cryptographic keys. With an automated policy to remove unused keys, businesses can reduce their attack surface and decrease the blast radius of a potential compromise. Automatic key management forces a lifecycle where keys are either actively maintained by their owners or automatically revoked.

Key Lifecycle Rules let you define policies to automatically remove dormant security keys, either SSH keys or GPG/PGP keys.

Key Lifecycle Rules

Only Site Administrators can define and manage Key Lifecycle Rules. The Site Administrator chooses which type of key each rule affects, either SSH keys or GPG/PGP keys.

In addition to the key type, each rule must also specify the number of days the key can be unused before it will be removed automatically. For an SSH key, this represents how long since the key was used by a user account to connect to your site. For a GPG/PGP key, this represents the time since the key was used for a cryptographic operation (encryption, decryption or recryption).

Effects of Key Removal

When GPG/PGP keys are removed by a lifecycle rule, automatic encryption, decryption or recryption behaviors that use that key are not removed. When a new file operation triggers a behavior that uses a deleted key, the GPG cryptography will fail, generating an alert email for site administrators.

When an SSH key is removed, the user account associated with the key is not disabled or removed. If the user account has no other authentication methods or valid keys, it will no longer be able to connect. Only SSH keys that are associated with a user account are affected by lifecycle rules; any SSH keys that you have stored in Remote Server configurations are not deleted by lifecycle rules.
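The two sections above describe a policy (per key type, a maximum number of idle days) and the side effects of applying it (encryption behaviors that keep referencing a deleted GPG key, and accounts whose only SSH key is removed). The following is an added example, not Files.com's own code or API, of a dry-run evaluator that a site administrator might use to preview those effects before enabling a rule. The key inventory, rules and behaviors are constructed sample data; it assumes that a key that has never been used is measured from its creation date, and that the lockout check only sees SSH keys, not passwords or SSO, so it is a conservative warning rather than a full authentication audit.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional


@dataclass(frozen=True)
class LifecycleRule:
    key_type: str        # "ssh" or "gpg"
    max_idle_days: int   # days a key may go unused before removal


@dataclass(frozen=True)
class Key:
    key_id: str
    key_type: str
    owner: str                    # user account or service that owns the key
    created: datetime
    last_used: Optional[datetime]  # None means the key has never been used


@dataclass(frozen=True)
class Behavior:
    path: str        # folder the automatic GPG behavior is attached to
    operation: str   # "encrypt", "decrypt" or "recrypt"
    key_id: str      # key the behavior references


def is_dormant(key: Key, rule: LifecycleRule, now: datetime) -> bool:
    """True if the rule applies to this key type and the key has been idle longer than allowed."""
    if key.key_type != rule.key_type:
        return False
    # Assumption: a never-used key is measured from its creation date.
    reference = key.last_used or key.created
    return now - reference > timedelta(days=rule.max_idle_days)


def evaluate(keys, rules, behaviors, now):
    """Dry run of the lifecycle rules.

    Returns (keys_to_remove, behaviors_that_would_break, users_left_without_ssh_keys).
    """
    to_remove = [k for k in keys if any(is_dormant(k, r, now) for r in rules)]
    removed_ids = {k.key_id for k in to_remove}

    # GPG behaviors are not deleted with the key; they would fail at the next file operation.
    broken = [b for b in behaviors if b.key_id in removed_ids]

    # Count SSH keys each user would still have after removal.
    remaining_ssh = {}
    for k in keys:
        if k.key_type == "ssh" and k.key_id not in removed_ids:
            remaining_ssh[k.owner] = remaining_ssh.get(k.owner, 0) + 1

    # Users whose last SSH key is being removed (passwords/SSO are not considered here).
    locked_out = sorted({
        k.owner for k in to_remove
        if k.key_type == "ssh" and remaining_ssh.get(k.owner, 0) == 0
    })
    return to_remove, broken, locked_out


# --- constructed sample data -------------------------------------------------
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)

RULES = [LifecycleRule("ssh", 90), LifecycleRule("gpg", 180)]

KEYS = [
    Key("ssh-1", "ssh", "alice", NOW - timedelta(days=400), NOW - timedelta(days=10)),
    Key("ssh-2", "ssh", "alice", NOW - timedelta(days=400), NOW - timedelta(days=200)),
    Key("ssh-3", "ssh", "bob",   NOW - timedelta(days=120), None),   # never used
    Key("gpg-1", "gpg", "svc-finance", NOW - timedelta(days=300), NOW - timedelta(days=30)),
    Key("gpg-2", "gpg", "svc-archive", NOW - timedelta(days=600), NOW - timedelta(days=400)),
]

BEHAVIORS = [
    Behavior("/inbound/finance", "encrypt", "gpg-1"),
    Behavior("/archive", "decrypt", "gpg-2"),
]


def run_example():
    return evaluate(KEYS, RULES, BEHAVIORS, NOW)


if __name__ == "__main__":
    removed, broken, locked_out = run_example()
    print("keys to remove:", [k.key_id for k in removed])
    print("behaviors that would fail:", [(b.path, b.operation) for b in broken])
    print("users left without SSH keys:", locked_out)
```

Running the dry run against the sample inventory flags ssh-2 (idle 200 days), ssh-3 (never used, created 120 days ago) and gpg-2 (idle 400 days); it warns that the /archive decrypt behavior would start failing and that bob would have no SSH key left, while alice keeps ssh-1.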
