Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritise this request
Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritise the request
If you are interested in working on this issue or have submitted a pull request, please leave a comment
Description
Use Case
We are using azuread_application_password to generate client IDs and secrets for applications and storing the created client IDs and secrets in Vault, where applications can pull the credentials at run time. We would like to use the
rotate_when_changed = { rotation = time_rotating.example.id }
stanza to rotate the credentials before they expire so that applications can pull active credentials when they start up (either a move to a new node, patching, etc.; why they restart isn't relevant), but we don't want to expire credentials that are in active use.
Using rotate_when_changed deletes the existing credential.
Ideally we would like azuread_application_password to append when there is a non-expired credential in place instead of delete then create.
New or Affected Resource(s)
Potential Terraform Configuration
References