Secret Expiration Not Set

  • Query id: dfa20ffa-f476-428f-a490-424b41e91c7f
  • Query name: Secret Expiration Not Set
  • Platform: Terraform
  • Severity: High
  • Category: Secret Management
  • URL: Github

Description

Make sure that for all secrets the expiration date is set
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - tf file
resource "azurerm_key_vault_secret" "positive1" {
    name         = "secret-sauce"
    value        = "szechuan"
    key_vault_id = azurerm_key_vault.example.id

    tags = {
    environment = "Production"
    }
}

Code samples without security vulnerabilities

Negative test num. 1 - tf file
resource "azurerm_key_vault_secret" "negative1" {
    name         = "secret-sauce"
    value        = "szechuan"
    key_vault_id = azurerm_key_vault.example.id

    tags = {
    environment = "Production"
    }
    expiration_date = "2020-12-30T20:00:00Z"
}