Azure - Set expiration on all secrets

azure key vault logo

Doing a policy enforcement, I needed to set an expiraton date on all secrets inside a key vault.

When you’ve 100+ items inside the key vault, you need a quick way to do it.

Get all secrets name

I use NR>2 to skip the 2 first lines because they’re not interesting:

az keyvault secret list --vault-name "MY-KEYVAULT-NAME" --output table --query "[].name" | awk "NR>2 {print $1}"

Set the expiration on each secret

az keyvault secret set-attributes --vault-name "MY-KEYVAULT-NAME" --expires "2023-01-27T14:00:00Z" --name "SECRET-NAME"

Where is the script?

I won’t post ready to use script for very simple thing.

Are you an engineer or a kid doing just copy/paste and nothing more?

Creating an array and looping over to execute a simple command line, it’s very trivial… a 8-10 year-old can do it.