azure-vault-secret-expiry
Ensure that the expiration date is set on all secrets
It is considered an industry best practice to rotate your secrets. Within Azure Key Vault, this can be enforced by defining an expiration date on each secret that is created, which indicates the date after which the secret may no longer be used.
Examples
Insecure Example
resource "azurerm_key_vault_secret" "example" {
  name            = "secret-sauce"
  value           = "szechuan"
  key_vault_id    = azurerm_key_vault.example.id
  expiration_date = null # (default is to not expire)
}
Secure Example
resource "azurerm_key_vault_secret" "example" {
  name            = "secret-sauce"
  value           = "szechuan"
  key_vault_id    = azurerm_key_vault.example.id
  expiration_date = "2020-12-30T20:00:00Z"
}
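One way to run this check against a plan in CI, as an added example that is not part of the original rule documentation or any scanner's own code. It reads the resource_changes list from `terraform show -json <planfile>` output and goes one step beyond the rule by also flagging dates that have already passed. The function name, helper and sample plan are constructed for illustration.

```python
import json
from datetime import datetime, timezone

RESOURCE_TYPE = "azurerm_key_vault_secret"

def _change(address, actions, after, unknown=None, rtype=RESOURCE_TYPE):
    # Hypothetical helper: builds one constructed resource_changes entry.
    return {"address": address, "type": rtype,
            "change": {"actions": actions, "after": after, "after_unknown": unknown or {}}}

# Constructed sample holding only the plan fields this check reads.
SAMPLE_PLAN = json.dumps({"resource_changes": [
    _change(RESOURCE_TYPE + ".no_expiry", ["create"], {"expiration_date": None}),
    _change(RESOURCE_TYPE + ".example", ["create"], {"expiration_date": "2020-12-30T20:00:00Z"}),
    _change(RESOURCE_TYPE + ".computed", ["create"], {}, {"expiration_date": True}),
    _change(RESOURCE_TYPE + ".retired", ["delete"], None),
    _change("azurerm_key_vault.example", ["create"], {}, rtype="azurerm_key_vault"),
]})

def check_secret_expiry(plan_json, now=None):
    """Return (address, problem) pairs for Key Vault secrets without a usable expiry."""
    now = now or datetime.now(timezone.utc)
    findings = []
    for rc in json.loads(plan_json).get("resource_changes", []):
        change = rc.get("change", {})
        if rc.get("type") != RESOURCE_TYPE or change.get("actions") == ["delete"]:
            continue  # other resource types, or a secret that is being removed
        if (change.get("after_unknown") or {}).get("expiration_date") is True:
            continue  # value is only known at apply time, so it is set but not checkable here
        expiry = (change.get("after") or {}).get("expiration_date")
        if not expiry:
            findings.append((rc["address"], "no expiration_date set"))
            continue
        try:
            when = datetime.fromisoformat(expiry.replace("Z", "+00:00"))
            if when.tzinfo is None:
                raise ValueError("missing UTC offset")
        except ValueError:
            findings.append((rc["address"], "expiration_date is not RFC 3339"))
            continue
        if when <= now:
            findings.append((rc["address"], "expiration_date is already in the past"))
    return findings

if __name__ == "__main__":
    for address, problem in check_secret_expiry(SAMPLE_PLAN):
        print(f"{address}: {problem}")
```

A CI job can fail the build whenever the returned list is non-empty.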