diff --git a/README.md b/README.md
index 721fca9..c514b98 100644
--- a/README.md
+++ b/README.md
@@ -19,7 +19,7 @@ Terraform module to create the Core component of each workload, currently only i
 
 | Name | Source | Version |
 |------|--------|---------|
-| <a name="module_keyvault_with_cmk"></a> [keyvault\_with\_cmk](#module\_keyvault\_with\_cmk) | github.com/schubergphilis/terraform-azure-mcaf-key-vault.git | v0.3.1 |
+| <a name="module_keyvault_with_cmk"></a> [keyvault\_with\_cmk](#module\_keyvault\_with\_cmk) | github.com/schubergphilis/terraform-azure-mcaf-key-vault.git | v0.3.2 |
 
 ## Resources
 
@@ -32,7 +32,7 @@ Terraform module to create the Core component of each workload, currently only i
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| <a name="input_key_vault"></a> [key\_vault](#input\_key\_vault) | n/a | <pre>object({<br>    name                            = string<br>    enabled_for_disk_encryption     = optional(bool, false)<br>    enabled_for_deployment          = optional(bool, false)<br>    enabled_for_template_deployment = optional(bool, false)<br>    enable_rbac_authorization       = optional(bool, true)<br>    purge_protection                = optional(bool, true)<br>    soft_delete_retention_days      = optional(number, 30)<br>    sku                             = optional(string, "standard")<br>    ip_rules                        = optional(list(string), [])<br>    subnet_ids                      = optional(list(string), [])<br>    network_bypass                  = optional(string, "None")<br>    cmk_keys_create                 = optional(bool, true)<br>    cmkrsa_key_name                 = optional(string, "cmkrsa")<br>    cmkec_key_name                  = optional(string, "cmkec")<br>    cmk_rotation_period             = optional(string, "P18M")<br>    cmk_expiry_period               = optional(string, "P2Y")<br>    cmk_notify_period               = optional(string, "P30D")<br>  })</pre> | n/a | yes |
+| <a name="input_key_vault"></a> [key\_vault](#input\_key\_vault) | n/a | <pre>object({<br>    name                            = string<br>    enabled_for_disk_encryption     = optional(bool, false)<br>    enabled_for_deployment          = optional(bool, false)<br>    enabled_for_template_deployment = optional(bool, false)<br>    enable_rbac_authorization       = optional(bool, true)<br>    purge_protection                = optional(bool, true)<br>    soft_delete_retention_days      = optional(number, 30)<br>    sku                             = optional(string, "standard")<br>    ip_rules                        = optional(list(string), [])<br>    subnet_ids                      = optional(list(string), [])<br>    network_bypass                  = optional(string, "None")<br>    cmk_keys_create                 = optional(bool, true)<br>    cmkrsa_key_name                 = optional(string, "cmkrsa")<br>    cmkec_key_name                  = optional(string, "cmkec")<br>    cmk_rotation_period             = optional(string, "P18M")<br>    cmk_expiry_period               = optional(string, "P2Y")<br>    cmk_notify_period               = optional(string, "P30D")<br>    cmk_expiration_date             = optional(string, null)<br>  })</pre> | n/a | yes |
 | <a name="input_location"></a> [location](#input\_location) | Location of the resources to create | `string` | n/a | yes |
 | <a name="input_resource_group"></a> [resource\_group](#input\_resource\_group) | The name of the resource group in which to create the resources. | <pre>object({<br>    name = string<br>  })</pre> | <pre>{<br>  "name": null<br>}</pre> | no |
 | <a name="input_tags"></a> [tags](#input\_tags) | A map of tags to assign to the resource. | `map(string)` | `{}` | no |
diff --git a/main.tf b/main.tf
index 9cd25fd..71b6032 100644
--- a/main.tf
+++ b/main.tf
@@ -12,7 +12,7 @@ resource "azurerm_resource_group" "this" {
 }
 
 module "keyvault_with_cmk" {
-  source = "github.com/schubergphilis/terraform-azure-mcaf-key-vault.git?ref=v0.3.1"
+  source = "github.com/schubergphilis/terraform-azure-mcaf-key-vault.git?ref=v0.3.2"
 
   key_vault = {
     name                            = var.key_vault.name
diff --git a/variables.tf b/variables.tf
index 55a9a7f..f9d5880 100644
--- a/variables.tf
+++ b/variables.tf
@@ -27,6 +27,7 @@ variable "key_vault" {
     cmk_rotation_period             = optional(string, "P18M")
     cmk_expiry_period               = optional(string, "P2Y")
     cmk_notify_period               = optional(string, "P30D")
+    cmk_expiration_date             = optional(string, null)
   })
 }