From 70121785da3e7b0a78393f44b0c1a9c87566902b Mon Sep 17 00:00:00 2001
From: Marco Kilchhofer <marco.kilchhofer.2@post.ch>
Date: Tue, 24 Jan 2023 10:25:11 +0100
Subject: [PATCH] chore: Fulfill checkov checks

---
 .checkov_config.yaml          | 1 +
 examples/named_cluster/kms.tf | 9 +++++----
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/.checkov_config.yaml b/.checkov_config.yaml
index e5876c5e..76ef7797 100644
--- a/.checkov_config.yaml
+++ b/.checkov_config.yaml
@@ -11,6 +11,7 @@ quiet: true
 secrets-scan-file-type: []
 skip-check:
   - CKV_GHA_3
+  - CKV_AZURE_112
   - CKV_AZURE_168
   - CKV_AZURE_170
 skip-framework:
diff --git a/examples/named_cluster/kms.tf b/examples/named_cluster/kms.tf
index d0cee82e..bebf3e58 100644
--- a/examples/named_cluster/kms.tf
+++ b/examples/named_cluster/kms.tf
@@ -7,10 +7,11 @@ resource "azurerm_key_vault_key" "kms" {
     "verify",
     "wrapKey",
   ]
-  key_type     = "RSA"
-  key_vault_id = azurerm_key_vault.des_vault.id
-  name         = "etcd-encryption"
-  key_size     = 2048
+  key_type        = "RSA"
+  key_vault_id    = azurerm_key_vault.des_vault.id
+  name            = "etcd-encryption"
+  expiration_date = timeadd("${formatdate("YYYY-MM-DD", timestamp())}T00:00:00Z", "168h")
+  key_size        = 2048
 
   depends_on = [
     azurerm_key_vault_access_policy.current_user