Key Expiration Not Set

  • Query id: 4d080822-5ee2-49a4-8984-68f3d4c890fc
  • Query name: Key Expiration Not Set
  • Platform: Terraform
  • Severity: High
  • Category: Secret Management
  • URL: Github

Description

Make sure that for all keys the expiration date is set
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - tf file
resource "azurerm_key_vault_key" "positive1" {
    name         = "generated-certificate"
    key_vault_id = azurerm_key_vault.example.id
    key_type     = "RSA"
    key_size     = 2048

    key_opts = [
    "decrypt",
    "encrypt",
    "sign",
    "unwrapKey",
    "verify",
    "wrapKey",
    ]
}

Code samples without security vulnerabilities

Negative test num. 1 - tf file
resource "azurerm_key_vault_key" "negative1" {
    name         = "generated-certificate"
    key_vault_id = azurerm_key_vault.example.id
    key_type     = "RSA"
    key_size     = 2048

    key_opts = [
    "decrypt",
    "encrypt",
    "sign",
    "unwrapKey",
    "verify",
    "wrapKey",
    ]
  expiration_date = "2020-12-30T20:00:00Z"
}