# Expire After a Duration

In this guide, you'll learn how you can configure a Grant Kit to automatically revoke access to a grant after some duration. You'll do this by importing and using an expiration policy Abbey provides out-of-the-box.

We will be using the [Quickstart](https://docs.abbey.io/getting-started/quickstart) as a base and modify it to this use case.

## Step 1: Add a Directory for Your Policy

In your repo, add a directory to put your policies.

{% code title="/" %}

```diff
.github/
+ policies/
+   .manifest
+   common.rego
.gitignore
.terraform.lock.hcl
LICENSE
README.md
access.tf
main.tf
outputs.tf
variables.tf
```

{% endcode %}

{% hint style="info" %}
Abbey will automatically build your policies for you using the standard Open Policy Agent (OPA) CLI via `opa build`.
{% endhint %}

## Step 2: Configure Your Manifest and Policy

First, configure your Manifest in your `.manifest` file. This will tell the Policy Engine where your policy file is located.

```diff
+ {"roots": ["common"]}
```

Next, write your policy using Abbey's expiration helper functions.

{% code title="common.rego" lineNumbers="true" %}

```rego
package common

import data.abbey.functions

allow[msg] {
  functions.expire_after("24h")
  msg := "granting access for 24 hours."
}
```

{% endcode %}

{% hint style="info" %}
Abbey revokes grants in realtime. When 24 hours has passed, the grant will be revoked immediately.
{% endhint %}

{% hint style="success" %}
Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h".
{% endhint %}

## Step 3: Add Your Policy

Now that you have your policy set up, you can add it to your Grant Kit.

{% code title="main.tf" lineNumbers="true" %}

```diff
resource "abbey_grant_kit" "null_grant" {
  ...
  
+  policies = [
+    {
+      bundle = "github://example-org/example-repo/policies"
+    }
+  ]

  ...
}
```

{% endcode %}