Azure AD - App and users - Add support for password rotation #237

Closed
LaurentLesle opened this issue Jan 28, 2021 · 0 comments · Fixed by #238
Labels
enhancement New feature or request

This issue adds the password rotation for Azure AD application's service principal and Azure AD users

Examples - examples/azure_ad/102-password-rotation

Needs Azure AD permissions to manage users and Azure AD apps

Azure AD users. Password auto-created and stored into a keyvault secret

azuread_users = {
  user1 = {
    user_name = "demo-user"
    keyvault_key = "test_client"
    password_policy = {
      # Length of the password
      length  = 250
      special = false
      upper   = true
      number  = true

      # Define the number of days the password is valid. It must be more than the rotation frequency
      expire_in_days = 10
      rotation = {
        #
        # Set the password rotation frequency. Once the renewal time has passed, running terraform plan / apply will change to a new password
        # Only set one of the values
        #

        mins   = 1     # only recommended for CI and demo
        # days = 7
        # months = 1
      }
    } //password_policy
  }
}

Azure AD Application. Password auto-created and stored into a keyvault secret

azuread_apps = {
  test_client = {
    useprefix        = true
    application_name = "test-client"
    password_policy = {
      # Length of the password
      length  = 250
      special = false
      upper   = true
      number  = true

      # Define the number of days the password is valid. It must be more than the rotation frequency
      expire_in_days = 10
      rotation = {
        #
        # Set the password rotation frequency. Once the renewal time has passed, running terraform plan / apply will change to a new password
        # Only set one of the values
        #

        mins   = 2     # only recommended for CI and demo
        # days = 7
        # months = 1
      }
    } //password_policy
    app_role_assignment_required = true
    keyvaults = {
      test_client = {
        secret_prefix = "test-client"
      }
    }
    # Store the ${secret_prefix}-client-id, ${secret_prefix}-client-secret...
    # Set the policy during the creation process of the launchpad
  }
}
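
One way a `password_policy` like the ones above can be turned into resources, as an added example that is not part of the original issue and not the module's own code. It assumes the hashicorp/time, random, azuread and azurerm providers are already configured; the variable names, the local `policy` map and the secret name are hypothetical.

```hcl
# Added example: names, variables and the secret name are hypothetical.
variable "key_vault_id" { type = string }
variable "user_principal_name" { type = string }

locals {
  policy = {
    length         = 250
    special        = false
    upper          = true
    number         = true
    expire_in_days = 10
    rotation_days  = 7
  }
}

# Once rotation_days have elapsed, the next plan/apply recreates this resource
# and its id (an RFC 3339 timestamp) changes.
resource "time_rotating" "user1" {
  rotation_days = local.policy.rotation_days
}

# The changed timestamp in keepers forces a new password to be generated.
resource "random_password" "user1" {
  keepers = { rotation = time_rotating.user1.id }
  length  = local.policy.length
  special = local.policy.special
  upper   = local.policy.upper
  numeric = local.policy.number # "number" in random provider releases before 3.3
}

resource "azuread_user" "user1" {
  user_principal_name = var.user_principal_name
  display_name        = "demo-user"
  password            = random_password.user1.result
}

resource "azurerm_key_vault_secret" "user1" {
  name            = "demo-user-password"
  value           = random_password.user1.result
  key_vault_id    = var.key_vault_id
  expiration_date = timeadd(time_rotating.user1.id, "${local.policy.expire_in_days * 24}h")

  lifecycle {
    # Requires Terraform 1.2+. Keeps the old secret valid until the next rotation.
    precondition {
      condition     = local.policy.expire_in_days > local.policy.rotation_days
      error_message = "expire_in_days must be more than the rotation frequency."
    }
  }
}
```

The generated password is also written to the Terraform state, so the state backend needs the same access restrictions as the key vault.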
LaurentLesle added the enhancement label Jan 28, 2021
LaurentLesle linked a pull request Jan 28, 2021 that will close this issue