ARM Template - Add secrets to the keyvault with activation and expiration date

Is there any method to add an activation date and expiration date when creating secrets through an ARM template?

When I export the key vault template I see this:

    {
        "type": "Microsoft.KeyVault/vaults/secrets",
        "apiVersion": "2021-11-01-preview",
        "name": "[concat(parameters('vaults_we_devops_poc_kv_23_name'), '/DBConnectionStringPassword')]",
        "location": "westeurope",
        "dependsOn": [
            "[resourceId('Microsoft.KeyVault/vaults', parameters('vaults_we_devops_poc_kv_23_name'))]"
        ],
        "properties": {
            "attributes": {
                "enabled": true,
                "nbf": 1648627063, // secret activation date
                "exp": 2027318262 // secret expiration date
            }
        }
    }

I think these integers are unique per secret, so I can't just add these two in the ARM template. I've already tried to add these two values in the ARM template and nothing happens.

    {
        "type": "Microsoft.KeyVault/vaults/secrets",
        "apiVersion": "2021-11-01-preview",
        "name": "[concat(parameters('vaults_we_devops_poc_kv_23_name'), '/DBConnectionStringPassword')]",
        "location": "westeurope",
        "dependsOn": [
            "[resourceId('Microsoft.KeyVault/vaults', parameters('vaults_we_devops_poc_kv_23_name'))]"
        ],
        "properties": {
            "attributes": {
                "enabled": true
            }
        }
    }


Solution 1:[1]

The integers are the times in seconds as per the docs; you can calculate their values using PowerShell:

    # -UFormat %s formats the date as seconds since 1970-01-01 (Unix time)
    $ActivationTime = Get-Date -Year 2022 -Month 04 -Day 15 -UFormat %s
    $ExpiryTime = Get-Date -Year 2022 -Month 05 -Day 15 -UFormat %s

You can then pass those values into a template similar to this:

    {
        "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
        "contentVersion": "1.0.0.0",
        "parameters": {
            "activationTime": {
                "type": "int"
            },
            "expiryTime": {
                "type": "int"
            },
            "secretValue": {
                "type": "securestring"
            }
        },
        "resources": [
            {
                "type": "Microsoft.KeyVault/vaults/secrets",
                "apiVersion": "2021-10-01",
                "name": "my-key-vault/test-secret",
                "properties": {
                    "attributes": {
                        "enabled": true,
                        "exp": "[parameters('expiryTime')]",
                        "nbf": "[parameters('activationTime')]"
                    },
                    "value": "[parameters('secretValue')]"
                }
            }
        ]
    }

Then deploy that using:

    $Value = "my-secret-value"
    $SecretValue = $Value | ConvertTo-SecureString -AsPlainText -Force
    New-AzResourceGroupDeployment -Name TestSecretTemplate -ResourceGroupName my-resources-rg -TemplateFile .\deployment.json -activationTime $ActivationTime -expiryTime $ExpiryTime -secretValue $SecretValue
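
An added example, not part of the original answer: it derives `nbf`/`exp` from explicit UTC instants with .NET's `DateTimeOffset`, rejects a window that would leave the secret unusable, and decodes the two integers from the exported template in the question. The function names are hypothetical and the activation/expiry dates are constructed sample values.

```powershell
# Added example; function names are hypothetical, sample dates are constructed.

function ConvertTo-UnixSeconds {
    # Whole seconds since 1970-01-01T00:00:00Z for the given instant.
    param([Parameter(Mandatory)][DateTimeOffset]$Date)
    return $Date.ToUnixTimeSeconds()
}

function ConvertFrom-UnixSeconds {
    # Decode an nbf/exp integer (as seen in an exported template) to a UTC DateTime.
    param([Parameter(Mandatory)][long]$Seconds)
    return [DateTimeOffset]::FromUnixTimeSeconds($Seconds).UtcDateTime
}

function New-SecretWindowParameters {
    # Build the activationTime/expiryTime values for the template and fail early
    # on a window that is inverted or already expired.
    param(
        [Parameter(Mandatory)][DateTimeOffset]$NotBefore,
        [Parameter(Mandatory)][DateTimeOffset]$Expires
    )
    if ($Expires -le $NotBefore) {
        throw "Expiry ($Expires) must be later than activation ($NotBefore)."
    }
    if ($Expires -le [DateTimeOffset]::UtcNow) {
        throw "Expiry ($Expires) is already in the past."
    }
    return @{
        activationTime = ConvertTo-UnixSeconds $NotBefore
        expiryTime     = ConvertTo-UnixSeconds $Expires
    }
}

# Constructed sample window: active from now, expiring 30 days later (UTC).
$start  = [DateTimeOffset]::UtcNow
$window = New-SecretWindowParameters -NotBefore $start -Expires $start.AddDays(30)
$window

# The two integers from the exported template in the question, decoded to UTC.
ConvertFrom-UnixSeconds 1648627063
ConvertFrom-UnixSeconds 2027318262
```

The two values in the returned hashtable correspond to the `activationTime` and `expiryTime` template parameters used in the answer.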

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Nick Graham