From 7e4b063f56edc4d2803b8eb4fe85df12527e2e2a Mon Sep 17 00:00:00 2001 From: Chris Wise Date: Mon, 30 Oct 2023 15:04:53 +0000 Subject: [PATCH] add destroy_scheduled_duration attribute --- README.md | 1 + main.tf | 4 ++++ variables.tf | 6 ++++++ 3 files changed, 11 insertions(+) diff --git a/README.md b/README.md index af06f45..c5adc4b 100644 --- a/README.md +++ b/README.md @@ -55,6 +55,7 @@ Functional examples are included in the | location | Location for the keyring. | `string` | n/a | yes | | owners | List of comma-separated owners for each key declared in set\_owners\_for. | `list(string)` | `[]` | no | | prevent\_destroy | Set the prevent\_destroy lifecycle attribute on keys. | `bool` | `true` | no | +| key\_destroy\_scheduled\_duration | Set the destroy\_scheduled\_duration attribute on keys. The default when not set is 24 hours | `string` | `""` | no | | project\_id | Project id where the keyring will be created. | `string` | n/a | yes | | purpose | The immutable purpose of the CryptoKey. Possible values are ENCRYPT\_DECRYPT, ASYMMETRIC\_SIGN, and ASYMMETRIC\_DECRYPT. | `string` | `"ENCRYPT_DECRYPT"` | no | | set\_decrypters\_for | Name of keys for which decrypters will be set. | `list(string)` | `[]` | no | diff --git a/main.tf b/main.tf index cd87b6c..57f7eb2 100644 --- a/main.tf +++ b/main.tf @@ -35,6 +35,8 @@ resource "google_kms_crypto_key" "key" { prevent_destroy = true } + destroy_scheduled_duration = var.key_destroy_scheduled_duration + version_template { algorithm = var.key_algorithm protection_level = var.key_protection_level @@ -54,6 +56,8 @@ resource "google_kms_crypto_key" "key_ephemeral" { prevent_destroy = false } + destroy_scheduled_duration = var.key_destroy_scheduled_duration + version_template { algorithm = var.key_algorithm protection_level = var.key_protection_level diff --git a/variables.tf b/variables.tf index 495c53e..3c9c612 100644 --- a/variables.tf +++ b/variables.tf 
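Review bot: `destroy_scheduled_duration` is wired into `google_kms_crypto_key.key` here and into `key_ephemeral` in the second main.tf hunk without any comment that it is, as far as I know, a creation-time setting in the Google provider. If so, changing `key_destroy_scheduled_duration` on an existing deployment plans a key replacement: `prevent_destroy = true` blocks it on `key`, but on `key_ephemeral` it would go ahead and schedule the existing key versions for destruction. I would add a comment above both assignments such as `# Fixed at key creation; changing this value forces replacement of the key. It is the recovery window for destroyed key versions.` Both resource bodies start and end outside the hunks, so I cannot see whether other arguments already guard against this.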
@@ -42,6 +42,12 @@ variable "prevent_destroy" { default = true } +variable "key_destroy_scheduled_duration" { + description = "Set The period of time that versions of keys spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED" + type = string + default = "" +} + variable "purpose" { type = string description = "The immutable purpose of the CryptoKey. Possible values are ENCRYPT_DECRYPT, ASYMMETRIC_SIGN, and ASYMMETRIC_DECRYPT."
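Review bot: `key_destroy_scheduled_duration` accepts any string and defaults to `""`, so a typo or an unintentionally short value reaches the KMS API unchecked. This value is the only window in which an accidentally or maliciously destroyed key version can still be restored. I would default to `null` so the argument is omitted when unset, rather than relying on how the provider treats an empty string, and add a `validation` block for the seconds-with-`s` format; a minimum-duration floor could go in the same condition if the organisation has one. The description starts with a stray "Set The period" and does not state the expected format. Separately, the README row's "24 hours" default should be checked against the current provider documentation, which I believe now states 30 days.

```hcl
variable "key_destroy_scheduled_duration" {
  description = "The period of time that versions of keys spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED, given as seconds with an 's' suffix. Leave unset to use the Cloud KMS default."
  type        = string
  default     = null

  validation {
    condition     = var.key_destroy_scheduled_duration == null || can(regex("^[0-9]+(\\.[0-9]+)?s$", var.key_destroy_scheduled_duration))
    error_message = "The key_destroy_scheduled_duration value must be a number of seconds followed by the letter s."
  }
}
```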