diff --git a/README.md b/README.md
index 30f2ea68..22757cc9 100644
--- a/README.md
+++ b/README.md
@@ -566,7 +566,7 @@ statement instead the previous block.
| [evidence\_repo\_integration\_owner](#input\_evidence\_repo\_integration\_owner) | The name of the integration owner. | `string` | `""` | no |
| [evidence\_repo\_name](#input\_evidence\_repo\_name) | The repository name. | `string` | `""` | no |
| [evidence\_repo\_url](#input\_evidence\_repo\_url) | Deprecated: Use `evidence_repo_existing_url`. This is a template repository to link compliance-evidence-locker for reference DevSecOps toolchain templates. | `string` | `""` | no |
-| [expiration\_period](#input\_expiration\_period) | The number of days until the secret expires. | `string` | `""` | no |
+| [expiration\_period](#input\_expiration\_period) | The number of days until the secret expires. Leave empty to not set an expiration. | `string` | `""` | no |
| [gosec\_private\_repository\_host](#input\_gosec\_private\_repository\_host) | Your private repository base URL. | `string` | `""` | no |
| [gosec\_private\_repository\_ssh\_key\_secret\_crn](#input\_gosec\_private\_repository\_ssh\_key\_secret\_crn) | The CRN for the GoSec repository secret. | `string` | `""` | no |
| [gosec\_repo\_ssh\_key\_secret\_group](#input\_gosec\_repo\_ssh\_key\_secret\_group) | Secret group prefix for the gosec private repository ssh key secret. Defaults to `sm_secret_group` if not set. Only used with `Secrets Manager`. | `string` | `""` | no |
diff --git a/code-engine/README.md b/code-engine/README.md
index 88717580..6629894c 100644
--- a/code-engine/README.md
+++ b/code-engine/README.md
@@ -570,6 +570,7 @@ statement instead the previous block.
| [evidence\_repo\_integration\_owner](#input\_evidence\_repo\_integration\_owner) | The name of the integration owner. | `string` | `""` | no |
| [evidence\_repo\_name](#input\_evidence\_repo\_name) | The repository name. | `string` | `""` | no |
| [evidence\_repo\_url](#input\_evidence\_repo\_url) | Deprecated: Use `evidence_repo_existing_url`. This is a template repository to link compliance-evidence-locker for reference DevSecOps toolchain templates. | `string` | `""` | no |
+| [expiration\_period](#input\_expiration\_period) | The number of days until the secret expires. Leave empty to not set an expiration. | `string` | `""` | no |
| [gosec\_private\_repository\_host](#input\_gosec\_private\_repository\_host) | Your private repository base URL. | `string` | `""` | no |
| [gosec\_private\_repository\_ssh\_key\_secret\_crn](#input\_gosec\_private\_repository\_ssh\_key\_secret\_crn) | The CRN for the GoSec repository secret. | `string` | `""` | no |
| [gosec\_repo\_ssh\_key\_secret\_group](#input\_gosec\_repo\_ssh\_key\_secret\_group) | Secret group prefix for the gosec private repository ssh key secret. Defaults to `sm_secret_group` if not set. Only used with `Secrets Manager`. | `string` | `""` | no |
diff --git a/code-engine/main.tf b/code-engine/main.tf
index 810a69c6..86fb13ed 100644
--- a/code-engine/main.tf
+++ b/code-engine/main.tf
@@ -114,6 +114,7 @@ module "prereqs" {
iam_api_key_secret_name = var.pipeline_ibmcloud_api_key_secret_name
signing_key_secret_name = var.ci_signing_key_secret_name
signing_certifcate_secret_name = var.cd_code_signing_cert_secret_name
+ expiration_period = var.expiration_period
sm_exists = var.enable_secrets_manager
sm_endpoint_type = var.sm_endpoint_type
}
diff --git a/code-engine/variables.tf b/code-engine/variables.tf
index 5e2d636e..df55bf80 100644
--- a/code-engine/variables.tf
+++ b/code-engine/variables.tf
@@ -189,7 +189,7 @@ variable "sm_endpoint_type" {
variable "expiration_period" {
type = string
- description = "The number of days until the secret expires."
+ description = "The number of days until the secret expires. Leave empty to not set an expiration."
default = ""
}
diff --git a/main.tf b/main.tf
index f2916f84..babd21c9 100644
--- a/main.tf
+++ b/main.tf
@@ -98,6 +98,7 @@ module "prereqs" {
iam_api_key_secret_name = var.pipeline_ibmcloud_api_key_secret_name
signing_key_secret_name = var.ci_signing_key_secret_name
signing_certifcate_secret_name = var.cd_code_signing_cert_secret_name
+ expiration_period = var.expiration_period
sm_exists = var.enable_secrets_manager
sm_endpoint_type = var.sm_endpoint_type
}
diff --git a/prereqs/variables.tf b/prereqs/variables.tf
index 6a875e53..1fec5564 100644
--- a/prereqs/variables.tf
+++ b/prereqs/variables.tf
@@ -78,7 +78,7 @@ variable "sm_endpoint_type" {
variable "expiration_period" {
type = string
- description = "The number of days until the secret expires."
+ description = "The number of days until the secret expires. Leave empty to not set an expiration."
default = ""
}
diff --git a/variables.tf b/variables.tf
index 5c6013c3..d8736be9 100644
--- a/variables.tf
+++ b/variables.tf
@@ -189,7 +189,7 @@ variable "sm_endpoint_type" {
variable "expiration_period" {
type = string
- description = "The number of days until the secret expires."
+ description = "The number of days until the secret expires. Leave empty to not set an expiration."
default = ""
}