Key Expiration Not Set
- Query id: 4d080822-5ee2-49a4-8984-68f3d4c890fc
- Query name: Key Expiration Not Set
- Platform: Terraform
- Severity: High
- Category: Secret Management
- URL: Github
Description
Make sure that an expiration date is set for every key (the expiration_date attribute of azurerm_key_vault_key).
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - tf file
resource "azurerm_key_vault_key" "positive1" {
  name         = "generated-certificate"
  key_vault_id = azurerm_key_vault.example.id
  key_type     = "RSA"
  key_size     = 2048
  key_opts = [
    "decrypt",
    "encrypt",
    "sign",
    "unwrapKey",
    "verify",
    "wrapKey",
  ]
}
Code samples without security vulnerabilities
Negative test num. 1 - tf file
resource "azurerm_key_vault_key" "negative1" {
  name         = "generated-certificate"
  key_vault_id = azurerm_key_vault.example.id
  key_type     = "RSA"
  key_size     = 2048
  key_opts = [
    "decrypt",
    "encrypt",
    "sign",
    "unwrapKey",
    "verify",
    "wrapKey",
  ]
  expiration_date = "2020-12-30T20:00:00Z"
}
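
The check the two samples above illustrate, written as a small pre-commit style scan. This is an added example, not the query's own implementation: it is a text scan rather than a full HCL parser (braces inside comments are not handled), the function names are hypothetical, and the embedded Terraform is a shortened, constructed copy of the page's samples.

```python
import re

# Constructed sample: the page's two test resources, shortened.
SAMPLE_TF = '''
resource "azurerm_key_vault_key" "positive1" {
  name     = "generated-certificate"
  key_type = "RSA"
  key_opts = ["decrypt", "encrypt"]
}
resource "azurerm_key_vault_key" "negative1" {
  name            = "generated-certificate"
  key_type        = "RSA"
  expiration_date = "2020-12-30T20:00:00Z"
}
'''

RESOURCE_RE = re.compile(r'resource\s+"azurerm_key_vault_key"\s+"([^"]+)"\s*\{')
# An explicit null counts as "not set"; commented-out lines do not match.
EXPIRY_RE = re.compile(r'^\s*expiration_date\s*=\s*(?!null\b)\S', re.MULTILINE)

def block_body(text, open_idx):
    """Return the text between the '{' at open_idx and its matching '}'."""
    depth, in_string, i = 0, False, open_idx
    while i < len(text):
        ch = text[i]
        if in_string:
            if ch == "\\":
                i += 1          # skip the escaped character
            elif ch == '"':
                in_string = False
        elif ch == '"':
            in_string = True
        elif ch == "{":
            depth += 1
        elif ch == "}":
            depth -= 1
            if depth == 0:
                return text[open_idx + 1:i]
        i += 1
    raise ValueError("unbalanced braces in resource block")

def keys_without_expiration(tf_source):
    """Names of azurerm_key_vault_key resources with no expiration_date."""
    missing = []
    for m in RESOURCE_RE.finditer(tf_source):
        if not EXPIRY_RE.search(block_body(tf_source, m.end() - 1)):
            missing.append(m.group(1))
    return missing

if __name__ == "__main__":
    print(keys_without_expiration(SAMPLE_TF))
```

The scan only checks that the attribute is present, as the rule does; it does not judge whether the date is still in the future.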