Merge pull request #4221 from ministryofjustice/performance-hub/old-s…

…ecret-lifespan Zero recovery days for old secrets
ministryofjustice · Dec 4, 2023 · 3060d24 · 3060d24
2 parents 80d01a1 + 57e1767
commit 3060d24
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/terraform/environments/performance-hub/secrets.tf b/terraform/environments/performance-hub/secrets.tf
@@ -76,6 +76,7 @@ resource "aws_secretsmanager_secret_version" "os_vts_api_key" {
 resource "aws_secretsmanager_secret" "ap_import_access_key_id" {
   #checkov:skip=CKV_AWS_149
   name = "ap_import_access_key_id"
+  recovery_window_in_days = 0
   tags = merge(
     local.tags,
     {
@@ -92,6 +93,7 @@ resource "aws_secretsmanager_secret_version" "ap_import_access_key_id" {
 resource "aws_secretsmanager_secret" "ap_import_secret_access_key" {
   #checkov:skip=CKV_AWS_149
   name = "ap_import_secret_access_key"
+  recovery_window_in_days = 0
   tags = merge(
     local.tags,
     {
@@ -108,6 +110,7 @@ resource "aws_secretsmanager_secret_version" "ap_import_secret_access_key" {
 resource "aws_secretsmanager_secret" "ap_export_access_key_id" {
   #checkov:skip=CKV_AWS_149
   name = "ap_export_access_key_id"
+  recovery_window_in_days = 0
   tags = merge(
     local.tags,
     {
@@ -124,6 +127,7 @@ resource "aws_secretsmanager_secret_version" "ap_export_access_key_id" {
 resource "aws_secretsmanager_secret" "ap_export_secret_access_key" {
   #checkov:skip=CKV_AWS_149
   name = "ap_export_secret_access_key"
+  recovery_window_in_days = 0
   tags = merge(
     local.tags,
     {