From 941c61dd1e88641bec516918d82ec00864335063 Mon Sep 17 00:00:00 2001
From: JoshVanL <vleeuwenjoshua@gmail.com>
Date: Mon, 5 Aug 2019 16:45:11 +0100
Subject: [PATCH] Mark the vault certificates to be renewed 30 days before
 expiry

Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
---
 terraform/amazon/modules/vault/tls.tf | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/terraform/amazon/modules/vault/tls.tf b/terraform/amazon/modules/vault/tls.tf
index e3810b6559..17ce7414b2 100644
--- a/terraform/amazon/modules/vault/tls.tf
+++ b/terraform/amazon/modules/vault/tls.tf
@@ -65,6 +65,9 @@ resource "tls_locally_signed_cert" "vault" {
   # 1 year
   validity_period_hours = 8766
 
+  # mark the certificate for renewal 30 days before expiry
+  early_renewal_hours = 720
+
   allowed_uses = [
     "key_encipherment",
     "digital_signature",