From c3078eaf57c07ea5d210a81db0f8815c776b6cd9 Mon Sep 17 00:00:00 2001
From: Kevin Winters
Date: Thu, 2 Nov 2023 16:44:48 -0400
Subject: [PATCH] Changing default roation period from 28 hours to 90 days based on https://cloud.google.com/kms/docs/key-rotation#how_often_to_rotate_keys
---
 README.md | 2 +-
 variables.tf | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/README.md b/README.md
index af06f45..ec35100 100644
--- a/README.md
+++ b/README.md
@@ -48,7 +48,7 @@ Functional examples are included in the
 | encrypters | List of comma-separated owners for each key declared in set\_encrypters\_for. | `list(string)` | `[]` | no |
 | key\_algorithm | The algorithm to use when creating a version based on this template. See the https://cloud.google.com/kms/docs/reference/rest/v1/CryptoKeyVersionAlgorithm for possible inputs. | `string` | `"GOOGLE_SYMMETRIC_ENCRYPTION"` | no |
 | key\_protection\_level | The protection level to use when creating a version based on this template. Default value: "SOFTWARE" Possible values: ["SOFTWARE", "HSM"] | `string` | `"SOFTWARE"` | no |
-| key\_rotation\_period | Generate a new key every time this period passes. | `string` | `"100000s"` | no |
+| key\_rotation\_period | Generate a new key every time this period passes. | `string` | `"7776000s"` | no |
 | keyring | Keyring name. | `string` | n/a | yes |
 | keys | Key names. | `list(string)` | `[]` | no |
 | labels | Labels, provided as a map | `map(string)` | `{}` | no |
diff --git a/variables.tf b/variables.tf
index 495c53e..d61bd7c 100644
--- a/variables.tf
+++ b/variables.tf
@@ -87,7 +87,7 @@ variable "decrypters" {
 variable "key_rotation_period" {
 description = "Generate a new key every time this period passes."
 type = string
- default = "100000s"
+ default = "7776000s"
 }
 
 variable "key_algorithm" {
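Review bot: In the variables.tf hunk, the new `default = "7776000s"` on variable "key_rotation_period" is a bare count of seconds, and the unchanged description does not say what unit or format the string takes, so a reader cannot tell that it means 90 days. I would extend the description to something like `description = "Generate a new key every time this period passes. Duration in seconds with an 's' suffix, e.g. 7776000s = 90 days."` and mirror that in the README row. Because this is a default, callers that never set key_rotation_period will presumably move from roughly 28 hours to 90 days on their next apply, which lengthens the time each key version stays primary. That deserves a line in the changelog or upgrade notes so that teams with a stricter rotation policy pin their own value. No `validation` block is visible for this variable in the hunk; one that rejects malformed duration strings would surface mistakes at plan time, assuming the module's minimum Terraform version supports it.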