github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/avd_docs/azure/keyvault/AVD-AZU-0017/Terraform.md

github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/avd_docs/azure/keyvault/AVD-AZU-0017/Terraform.md (about)

     1  
     2  Set an expiry for secrets
     3  
     4  ```hcl
     5   resource "azurerm_key_vault_secret" "good_example" {
     6     name            = "secret-sauce"
     7     value           = "szechuan"
     8     key_vault_id    = azurerm_key_vault.example.id
     9     expiration_date = "1982-12-31T00:00:00Z"
    10   }
    11   
    12  ```
    13  ```hcl
    14  resource "azuread_application" "myapp" {
    15    display_name = "MyAzureAD App"
    16  
    17    group_membership_claims = ["ApplicationGroup"]
    18    prevent_duplicate_names = true
    19  
    20  }
    21  
    22  resource "azuread_application_password" "myapp" {
    23    application_object_id = azuread_application.myapp.object_id
    24  }
    25  
    26  resource "azurerm_key_vault_secret" "myapp_pass" {
    27    name            = "myapp-oauth"
    28    value           = azuread_application_password.myapp.value
    29    key_vault_id    = azurerm_key_vault.cluster_key_vault.id
    30    expiration_date = azuread_application_password.myapp.end_date
    31    content_type    = "Password"
    32  }
    33  
    34  ```
    35  
    36  #### Remediation Links
    37   - https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret#expiration_date
    38