azure-vault-key-expiry¶
Ensure that the expiration date is set on all keys
Always set an expiry on Azure Key Vault keys. The `expiration_date` argument populates the key's `exp` attribute, the time on or after which the key must not be used for cryptographic operations (Key Vault enforces this, with a few documented exceptions, and can raise `Microsoft.KeyVault.KeyNearExpiry` / `Microsoft.KeyVault.KeyExpired` events through Event Grid). A key without an expiry is valid forever: nothing forces rotation, and a key that has been leaked or over-shared stays usable indefinitely. The Terraform argument is unset by default, which means no expiry. To list existing keys that have none, use the Azure CLI: `az keyvault key list --vault-name <vault> -o json | jq -r '.[] | select(.attributes.expires == null) | .kid'`.
Examples¶
Insecure Example
resource "azurerm_key_vault_key" "generated" {
  name         = "generated-certificate"
  key_vault_id = azurerm_key_vault.example.id
  key_type     = "RSA"
  key_size     = 2048
  key_opts = [
    "decrypt",
    "encrypt",
    "sign",
    "unwrapKey",
    "verify",
    "wrapKey",
  ]
  expiration_date = null # (default is to not expire)
}
Secure Example
resource "azurerm_key_vault_key" "generated" {
  name         = "generated-certificate"
  key_vault_id = azurerm_key_vault.example.id
  key_type     = "RSA"
  key_size     = 2048
  key_opts = [
    "decrypt",
    "encrypt",
    "sign",
    "unwrapKey",
    "verify",
    "wrapKey",
  ]
  # UTC timestamp in Y-m-d'T'H:M:S'Z' form; the value is illustrative and
  # must be replaced with a date in the future when you apply this.
  expiration_date = "2022-01-10T09:00:00Z"
}
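A hard-coded date satisfies the check but goes stale. The following is an added example, not part of this page's own configuration, showing how a practitioner would bound the key's lifetime without a literal: the first version expires 90 days after a stable creation timestamp from the `hashicorp/time` provider, and a Key Vault rotation policy gives every later version the same bounded lifetime. It assumes an existing `azurerm_key_vault.example` resource, an `azurerm` provider version that supports the `rotation_policy` block, and that the identity running Terraform holds the `GetRotationPolicy`/`SetRotationPolicy` key permissions (or an RBAC role such as Key Vault Crypto Officer); the `time_static.key_created` resource name is an assumption of this example.

```hcl
terraform {
  required_providers {
    azurerm = { source = "hashicorp/azurerm" }
    time    = { source = "hashicorp/time" }
  }
}

# Captures the wall-clock time once, at first apply, and never changes
# afterwards, so the derived expiry does not drift on every plan.
resource "time_static" "key_created" {}

resource "azurerm_key_vault_key" "generated" {
  name         = "generated-key"
  key_vault_id = azurerm_key_vault.example.id # assumed to exist elsewhere
  key_type     = "RSA"
  key_size     = 2048
  key_opts     = ["decrypt", "encrypt", "sign", "unwrapKey", "verify", "wrapKey"]

  # Expiry for the initial key version: creation time + 90 days.
  # timeadd() only understands hour units, so 90 days is written as 2160h.
  expiration_date = timeadd(time_static.key_created.rfc3339, "2160h")

  # Key Vault-native rotation: each new version inherits a 90-day lifetime,
  # Key Vault creates the next version 30 days before the current one expires,
  # and raises a near-expiry event 29 days out for anything not yet migrated.
  # Old versions stay available for decrypt/unwrap of existing ciphertext,
  # which is why rotation is done here rather than by replacing the resource
  # (a replace would destroy the key material still needed for old data).
  rotation_policy {
    expire_after         = "P90D"
    notify_before_expiry = "P29D"

    automatic {
      time_before_expiry = "P30D"
    }
  }
}
```

Callers should reference the key by its versionless identifier (`azurerm_key_vault_key.generated.versionless_id`) so that encrypt, wrap and sign operations pick up the newest version automatically after each rotation.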