CloudTruth Documentation
Sign InAPIIntegrationsGitHubVisit our website
  • Overview
  • Getting Started
  • Architecture
    • 🔒Security Overview
  • Copilot
  • 🏢Org management
    • Account Setup
    • Access Control
      • 🔑API Tokens
      • 🌐Protecting Projects and Environments
      • 👥Users
    • Audit Log
  • 🛠️Config Management
    • Projects
    • Parameters
      • Sharing Config Data
      • Parameter Management
        • Internal Values
          • Dynamic Values
        • External Values
          • Terraform Remote State Files
        • Parameter Override
        • Environment Value Override
      • Parameter and Parameter Value Inheritance
      • Value Comparison
      • Value History
      • Value Validation
      • Value Expiration
    • Environments and Tags
    • Templates
      • 📒Sample Templates
    • Actions
      • Import Actions
      • Push Actions
    • CLI & API
      • CloudTruth CLI
      • Rest API
    • Integrations
      • Argo CD
      • Atlassian Compass
      • AWS
        • AWS Connection
        • AWS Role
          • CloudFormation
          • Terrraform
          • AWS Console
        • Parameter Store (SSM)
        • S3
        • Secrets Manager
      • Azure Key Vault
      • Bitbucket Pipelines
      • Docker
      • Docker Compose
      • GitHub
      • GitHub Actions
      • GitLab
      • Harness
      • Jenkins
      • Kubernetes
      • Pulumi
      • Terraform
      • Terragrunt
      • Explorer
      • Circle CI
    • Events, Notifications, Webhooks
    • Types
  • 🔎REPORTING
    • Compare
    • History
    • Expirations
  • 🚀PRODUCT
    • What is CloudTruth?
    • Interactive Demo
    • Kubernetes
    • Terraform
    • CI/CD Pipeline Configuration
    • Cloud CMDB
    • Secrets Management
    • GitOps
    • Our Manifesto
    • Open Source
    • FAQs
    • Our Mission
  • 📚Reference
    • 🎓Quick Start Videos
      • What is CloudTruth?
      • CloudTruth in Action
      • Environments and Projects
      • Secrets, Parameters, ENV variables
      • Audit Logs, RBAC, SSO
      • Containers - Kubernetes, Docker
      • Infrastructure as Code (IaC) - Terraform, Cloudformation, CDK, Azure Bicep, Pulumi
      • CICD Pipelines - GitHub Actions, ArgoCD, Jenkins, CircleCI, Harness, GitLab Pipelines
      • AWS Videos - Secret Manager, Parameter Store, S3, IAM
      • Azure Videos - Azure DevOps, Azure Bicep, PowerShell
    • Knowledge Base
      • Best Practices
        • Versioned Releases
      • CLI
        • History comparison of deleted parameters with null values
      • Integrations
        • Advanced AWS IAM policy permissions
        • K8s pull image from private Docker registry
        • S3 Region Selection
      • Templates
        • Templates render quotations in key values as quot
    • Roadmap and New Features
    • JMESPath Reference
    • REST API
Powered by GitBook

Copyright© 2023 CloudTruth

On this page
  • Setting a parameter to not change on expiration
  • Setting a parameter to automatically rotate values on expiration

Was this helpful?

  1. Config Management
  2. Parameters

Value Expiration

PreviousValue ValidationNextEnvironments and Tags

Last updated 1 year ago

Was this helpful?

Parameter Value Expiration gives us the ability to either visually alert or automatically rotate a parameter's values via a user specified duration. This is useful when a company policy requires secrets to be rotated on a regular basis.

Parameter Value Expiration can be set during creation or added to existing parameters.

Setting a parameter to not change on expiration

This example will show how to create an expiring parameter which does not automatically change the parameter's environment values. Visual indication only.

  1. Start by creating a new parameter

  2. Check the EXPIRES option

  3. Set the EXPIRES IN: duration

  1. Add the ENVIRONMENT VALUE in the ADD ENVIRONMENT VALUE modal, then click Save

  2. Note the expiration duration is visible in the parameter's detail page:

  1. Go back the Parameter List to see the visual indicator next to the parameter's value and hover over the hourglass to quickly view the remaining duration before the parameter expires:

The hourglass icon will change colors at different stages:

  • Black - expiration time is outside of 5 days

  • Yellow - expiration time is within 5 days and has not yet expired

  • Red - parameter value has expired

Setting a parameter to automatically rotate values on expiration

  1. Start by creating a new parameter

  2. Check the EXPIRES option

  3. Set the EXPIRES IN: duration

  4. Check the AUTO-GENERATE VALUE: option

  5. Select and modify the options as needed. The Generate Password button is there as a convenience and will generate a copyable password-style string to be pasted into the ADD ENVIRONMENT VALUE modal displayed after clicking Create Parameter here:

CloudTruth will check periodically for expired parameters and take the appropriate action to generate a new password and restart the duration clock.

🛠️