- [ ] bug report -> please search issues before submitting
- [ X ] feature request
- [ ] documentation issue or request
- [ ] regression (a behavior that used to work and stopped in a new release)
Minimal steps to reproduce
Provision #AzureSandbox
Enable Defender for Cloud CSPM
Any log messages given by the failure
Key vault secrets should have an expiration date
Expected/desired behavior
Remediate vulnerability.
OS and Version?
N/A
Versions
AzureSandbox v2.9.2
Mention any other details that might be useful
Secrets are mainly used during bootstrapping, so an expiration date should not impact use.
The one exception is the adminpassword secret which is used to log into VMs using Bastion.
A default secret expiration policy of 365 days should be a good compromise, most sandboxes will not live this long.
This issue is for a: (mark with an
x
)Minimal steps to reproduce
Any log messages given by the failure
Expected/desired behavior
OS and Version?
Versions
Mention any other details that might be useful