terraform.azure.best-practice.azure-secret-expiration-date.azure-secret-expiration-date
semgrep
Author
unknown
Download Count*
License
Ensure that the expiration date is set on all secrets
Run Locally
Run in CI
Defintion
rules:
- id: azure-secret-expiration-date
message: Ensure that the expiration date is set on all secrets
patterns:
- pattern: resource
- pattern-inside: |
resource "azurerm_key_vault_secret" "..." {
...
}
- pattern-not-inside: |
resource "azurerm_key_vault_secret" "..." {
...
expiration_date = "..."
...
}
metadata:
category: best-practice
technology:
- terraform
- azure
license: Commons Clause License Condition v1.0[LGPL-2.1-only]
languages:
- hcl
severity: WARNING
Examples
azure-secret-expiration-date.tf
# fail
# ruleid: azure-secret-expiration-date
resource "azurerm_key_vault_secret" "example" {
name = "secret-sauce"
value = "szechuan"
key_vault_id = azurerm_key_vault.example.id
tags = {
environment = "Production"
}
}
# pass
resource "azurerm_key_vault_secret" "example" {
name = "secret-sauce"
value = "szechuan"
key_vault_id = azurerm_key_vault.example.id
tags = {
environment = "Production"
}
expiration_date = "2020-12-30T20:00:00Z"
}
Short Link: https://sg.run/329r