Switch to using RBAC authorisation for Key Vault
DrizzlyOwl committed Feb 20, 2024
1 parent 7c832c0 commit 1840531
Showing 3 changed files with 10 additions and 16 deletions.
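--- a/terraform/key-vault-tfvars-secrets.tf
+++ b/terraform/key-vault-tfvars-secrets.tf
@@ -1,14 +1,14 @@
 module "azurerm_key_vault" {
 source = "github.com/DFE-Digital/terraform-azurerm-key-vault-tfvars?ref=v0.4.0"
 
-environment = local.environment
-project_name = local.project_name
-existing_resource_group = module.azure_container_apps_hosting.azurerm_resource_group_default.name
-azure_location = local.azure_location
-key_vault_access_users = local.key_vault_access_users
-key_vault_access_ipv4 = local.key_vault_access_ipv4
-tfvars_filename = local.tfvars_filename
-diagnostic_log_analytics_workspace_id = module.azure_container_apps_hosting.azurerm_log_analytics_workspace_container_app.id
-diagnostic_eventhub_name = local.enable_event_hub ? module.azure_container_apps_hosting.azurerm_eventhub_container_app.name : ""
-tags = local.tags
+environment = local.environment
+project_name = local.project_name
+existing_resource_group = module.azure_container_apps_hosting.azurerm_resource_group_default.name
+azure_location = local.azure_location
+key_vault_access_use_rbac_authorization = true
+key_vault_access_ipv4 = local.key_vault_access_ipv4
+tfvars_filename = local.tfvars_filename
+diagnostic_log_analytics_workspace_id = module.azure_container_apps_hosting.azurerm_log_analytics_workspace_container_app.id
+diagnostic_eventhub_name = local.enable_event_hub ? module.azure_container_apps_hosting.azurerm_eventhub_container_app.name : ""
+tags = local.tags
 }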
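Review bot: With `key_vault_access_use_rbac_authorization = true` replacing `key_vault_access_users`, this configuration no longer states who may read the stored tfvars. In RBAC mode the vault does not evaluate access policies, so data-plane access comes entirely from Azure role assignments, including any inherited from the resource group or subscription scope. No `azurerm_role_assignment` appears in the three changed files, so the assignments are presumably created by the module or managed elsewhere; that should be confirmed before apply, otherwise the previous users lose access or access rests on broader inherited roles. I would add a comment above the argument such as `# RBAC mode: access policies are not evaluated; data-plane access comes from role assignments (document where these are defined)` and prefer assignments scoped to the vault itself. The `?ref=v0.4.0` pin is unchanged here, so it is worth checking that this module version already declares the new input.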
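--- a/terraform/locals.tf
+++ b/terraform/locals.tf
@@ -30,7 +30,6 @@ locals {
 cdn_frontdoor_custom_domains = var.cdn_frontdoor_custom_domains
 cdn_frontdoor_host_redirects = var.cdn_frontdoor_host_redirects
 cdn_frontdoor_health_probe_protocol = var.cdn_frontdoor_health_probe_protocol
-key_vault_access_users = toset(var.key_vault_access_users)
 key_vault_access_ipv4 = var.key_vault_access_ipv4
 tfvars_filename = var.tfvars_filename
 enable_monitoring = var.enable_monitoring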
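--- a/terraform/variables.tf
+++ b/terraform/variables.tf
@@ -3,11 +3,6 @@ variable "environment" {
 type = string
 }
 
-variable "key_vault_access_users" {
-description = "List of users that require access to the Key Vault where tfvars are stored. This should be a list of User Principle Names (Found in Active Directory) that need to run terraform"
-type = list(string)
-}
-
 variable "key_vault_access_ipv4" {
 description = "List of IPv4 Addresses that are permitted to access the Key Vault"
 type = list(string)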
