Control: Ensure certificate 'Validity Period (in months)' is less than or equal to '12'
Description
Restrict the validity period of certificates stored in Azure Key Vault to 12 months or less.
Usage
Run the control in your terminal:
powerpipe control run azure_compliance.control.keyvault_certificate_validity_period_less_equal_12_months
Snapshot and share results via Turbot Pipes:
powerpipe login
powerpipe control run azure_compliance.control.keyvault_certificate_validity_period_less_equal_12_months --share
SQL
This control uses a named query:
select
  c.id as resource,
  case
    when (x509_certificate_properties -> 'validity_months')::int <= 12 then 'ok'
    else 'alarm'
  end as status,
  c.title || ' validity period is ' || (x509_certificate_properties -> 'validity_months') || ' month(s).' as reason,
  sub.display_name as subscription
from
  azure_key_vault_certificate as c
  left join azure_subscription as sub on sub.subscription_id = c.subscription_id;
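The named query's status and reason logic, run against constructed rows, as an added example that is not part of the Powerpipe mod: the `certs` CTE and its three rows are made-up stand-ins for azure_key_vault_certificate, and `reason_with_fallback` is a hypothetical extra column. It shows that a certificate with no validity_months value lands in 'alarm' (the comparison is NULL, so the else branch applies) while the control's reason string becomes NULL.

```sql
-- Constructed sample rows standing in for azure_key_vault_certificate;
-- only the columns the control's query reads are modelled.
with certs (id, title, x509_certificate_properties) as (
  values
    ('cert-a', 'web-frontend', '{"validity_months": 12}'::jsonb),  -- at the limit
    ('cert-b', 'legacy-api',   '{"validity_months": 24}'::jsonb),  -- over the limit
    ('cert-c', 'imported',     '{}'::jsonb)                        -- no validity_months key
)
select
  id as resource,
  -- Same CASE as the control: a NULL comparison is not true, so it yields 'alarm'.
  case
    when (x509_certificate_properties -> 'validity_months')::int <= 12 then 'ok'
    else 'alarm'
  end as status,
  -- Same reason expression as the control: concatenating NULL gives NULL.
  title || ' validity period is '
        || (x509_certificate_properties -> 'validity_months')
        || ' month(s).' as reason,
  -- Hypothetical variant that still explains the alarm when the value is absent.
  title || ' validity period is '
        || coalesce(x509_certificate_properties ->> 'validity_months', 'not set')
        || ' month(s).' as reason_with_fallback
from certs
order by id;
```

When triaging results from this control, an 'alarm' row with an empty reason points to a certificate whose policy reports no validity period rather than one that exceeds 12 months.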