Terraform just leveled up secret handling in Azure Key Vault. It now supports automated secret generation with random_password, plus full lifecycle control—rotation, expiration, and storage—baked right into your IaC.
Secrets stay marked as sensitive. They're managed in one place. And thanks to Terraform policies, they expire and renew on your terms.
Bigger shift: Infra teams are ditching ad-hoc secret workflows. Rotation and expiry now live in the same repo as the rest of the plan. Less drift. Fewer leaks.
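One way to wire generation, rotation and expiry together in a single plan, as an added example that is not code from the original post or from HashiCorp. The vault name, resource group, secret name, and the 90-day and 7-day intervals are assumptions.

```hcl
# Added example: names and intervals are illustrative assumptions.
terraform {
  required_providers {
    azurerm = { source = "hashicorp/azurerm" }
    random  = { source = "hashicorp/random" }
    time    = { source = "hashicorp/time" }
  }
}

provider "azurerm" {
  features {}
}

# Existing vault, looked up by name (both names are hypothetical).
data "azurerm_key_vault" "main" {
  name                = "kv-example"
  resource_group_name = "rg-example"
}

# Rotation clock: once 90 days have passed, the next apply replaces
# this resource, which changes its id.
resource "time_rotating" "db_password" {
  rotation_days = 90
}

# Regenerated whenever the rotation clock is replaced.
resource "random_password" "db" {
  length  = 32
  special = true

  keepers = {
    rotation = time_rotating.db_password.id
  }
}

resource "azurerm_key_vault_secret" "db_password" {
  name         = "db-password" # hypothetical secret name
  value        = random_password.db.result
  key_vault_id = data.azurerm_key_vault.main.id
  content_type = "password"

  # Expiry is set 7 days (168h) past the rotation due date, so a missed
  # pipeline run is visible as a secret past its expiration date.
  expiration_date = timeadd(time_rotating.db_password.rotation_rfc3339, "168h")
}
```

The sensitive marking only redacts the value from plan and CLI output; the generated password is still written in plaintext to the Terraform state, so the state backend needs encryption and tight access control. Rotation happens only when an apply runs after the due date, so schedule the pipeline rather than relying on manual runs.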