The External Secrets Inc. Audit & Compliance product suite is a premium product. It requires a specific subscription. Contact us for more information.

Rotation Compliance

This policy example checks whether a secret was rotated within the last N days. A secret that was not rotated within the last N days is non-compliant.

Policy Execution Time

This policy example should be executed on Result events (i.e. every time the listener processes a new event).

Default Deny, Allow Case-by-Case Policy Code

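package main

import rego.v1

# Default deny: a secret is compliant only if the rule below succeeds.
default allow := false

# Maximum allowed age of the last rotation (720h = 30 days).
rotation_window := "720h"

allow if {
  # input.LastRotation is parsed as an RFC 3339 timestamp (nanoseconds since epoch).
  rotation_ns := time.parse_rfc3339_ns(input.LastRotation)
  window_ns := time.parse_duration_ns(rotation_window)

  # Compliant only when the last rotation is younger than the window.
  time.now_ns() - rotation_ns < window_ns
}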
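
The following unit tests are an added example, not part of the original page or the product's own code. They pin the clock with a mocked `time.now_ns` and check the window boundary, a missing `LastRotation` field, and a future-dated timestamp; the package name `main_test`, the test names and all timestamps are constructed for illustration.

```rego
package main_test

import rego.v1

import data.main

# Constructed fixed clock, so results do not depend on when the tests run.
now_ns := time.parse_rfc3339_ns("2024-03-01T00:00:00Z")

# Rotated 10 days before the fixed clock: inside the 720h window.
test_recent_rotation_allowed if {
  main.allow with input as {"LastRotation": "2024-02-20T00:00:00Z"}
    with time.now_ns as now_ns
}

# Rotated 45 days before the fixed clock: outside the window.
test_stale_rotation_denied if {
  not main.allow with input as {"LastRotation": "2024-01-16T00:00:00Z"}
    with time.now_ns as now_ns
}

# Exactly 720h old: the comparison is strict (<), so this is non-compliant.
test_exact_boundary_denied if {
  not main.allow with input as {"LastRotation": "2024-01-31T00:00:00Z"}
    with time.now_ns as now_ns
}

# One second younger than the boundary: compliant.
test_just_inside_boundary_allowed if {
  main.allow with input as {"LastRotation": "2024-01-31T00:00:01Z"}
    with time.now_ns as now_ns
}

# No LastRotation field: the rule body is undefined, so default deny applies.
test_missing_last_rotation_denied if {
  not main.allow with input as {}
    with time.now_ns as now_ns
}

# A timestamp ahead of the clock yields a negative age, which is below the
# window, so the policy as written treats it as compliant.
test_future_timestamp_allowed if {
  main.allow with input as {"LastRotation": "2024-03-02T00:00:00Z"}
    with time.now_ns as now_ns
}
```

Save the tests next to the policy and run them with `opa test .`. The last test records current behaviour rather than a requirement: if future-dated values should be non-compliant, the policy needs an additional condition on the age.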