diff --git a/terraform/modules/keyvault/main.tf b/terraform/modules/keyvault/main.tf
index d4208e36..5df79ab3 100644
--- a/terraform/modules/keyvault/main.tf
+++ b/terraform/modules/keyvault/main.tf
@@ -1,7 +1,7 @@
 data "azurerm_client_config" "current" {}
 
 resource "azurerm_resource_group" "keyvault" {
-  name = "${var.name}-${var.environment}-rg"
+  name = "${var.name}-${var.environment}-keyvault"
   location = var.region
 }
 
diff --git a/terraform/modules/lb/main.tf b/terraform/modules/lb/main.tf
index 1c9acace..4e22e48d 100644
--- a/terraform/modules/lb/main.tf
+++ b/terraform/modules/lb/main.tf
@@ -19,4 +19,9 @@ resource "azurerm_lb" "lb" {
     name = "${var.name}-${var.environment}-ip"
     public_ip_address_id = azurerm_public_ip.lb.id
   }
+
+  tags = {
+    owner = var.owner
+    environment = var.environment
+  }
 }
diff --git a/terraform/modules/managed_identity/main.tf b/terraform/modules/managed_identity/main.tf
new file mode 100644
index 00000000..84e186ce
--- /dev/null
+++ b/terraform/modules/managed_identity/main.tf
@@ -0,0 +1,11 @@
+resource "azurerm_resource_group" "identity" {
+  name = "${var.name}-${var.environment}-${var.identity}"
+  location = var.region
+}
+
+resource "azurerm_user_assigned_identity" "identity" {
+  resource_group_name = azurerm_resource_group.identity.name
+  location = azurerm_resource_group.identity.location
+
+  name = "${var.name}-${var.environment}-${var.identity}"
+}
\ No newline at end of file
diff --git a/terraform/modules/managed_identity/outputs.tf b/terraform/modules/managed_identity/outputs.tf
new file mode 100644
index 00000000..e69de29b
diff --git a/terraform/modules/managed_identity/variables.tf b/terraform/modules/managed_identity/variables.tf
new file mode 100644
index 00000000..f2a1a758
--- /dev/null
+++ b/terraform/modules/managed_identity/variables.tf
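Review bot: Changing `name` on `azurerm_resource_group.keyvault` from `-rg` to `-keyvault` is a replacement, not an in-place update: Terraform will destroy the resource group and everything deployed in it before creating the new one. If the module's key vault is placed in this group (it is not visible in the hunk), an apply against an existing environment deletes the vault and its secrets, and a soft-deleted vault of the same name can then block re-creation. If the rename is intended, confirm the plan shows the replacement, sequence the migration for existing environments, and record it on the resource, e.g. `# NOTE: renamed from "-rg" in <commit>; existing environments must be migrated before apply`.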
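Review bot: The new module declares `var.owner` in its variables.tf but never uses it, and neither resource in main.tf carries tags, so the identity and its resource group are created without the ownership metadata the lb module in this same commit adds; `tags = { owner = var.owner, environment = var.environment }` on both resources would make the modules consistent. The module's outputs.tf is added empty, so callers such as `module.keyvault_reader_identity` in providers/dev/identities.tf get no `principal_id` or `client_id` and cannot grant the identity a Key Vault access policy or role assignment; exporting `azurerm_user_assigned_identity.identity.principal_id` and `.client_id` is needed before the identity is usable. The file also ends without a trailing newline.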
@@ -0,0 +1,24 @@
+variable "region" {
+  type = string
+  description = "Region this module and resources will be created in"
+}
+
+variable "name" {
+  type = string
+  description = "Unique name for the services in this module"
+}
+
+variable "environment" {
+  type = string
+  description = "Environment these resources reside (prod, dev, staging, etc)"
+}
+
+variable "owner" {
+  type = string
+  description = "Owner of the environment and resources created in this module"
+}
+
+variable "identity" {
+  type = string
+  description = "Name of the managed identity to create"
+}
diff --git a/terraform/modules/postgres/variables.tf b/terraform/modules/postgres/variables.tf
index 3346ff8f..3dc19af2 100644
--- a/terraform/modules/postgres/variables.tf
+++ b/terraform/modules/postgres/variables.tf
@@ -54,7 +54,6 @@ variable "storage_mb" {
   default = "5120"
 }
 
-
 variable "storage_backup_retention_days" {
   type = string
   description = "Storage backup retention (days)"
@@ -76,7 +75,7 @@ variable "storage_auto_grow" {
 variable "administrator_login" {
   type = string
   description = "Administrator login"
-  default = "sqladmindude" # FIXME - Remove with wrapper using KeyVault
+  default = "atat_master" # FIXME - Remove with wrapper using KeyVault
 }
 
 variable "administrator_login_password" {
@@ -85,11 +84,10 @@ variable "administrator_login_password" {
   default = "eI0l7yswwtuhHpwzoVjwRKdAcuGNsg" # FIXME - Remove with wrapper using KeyVault
 }
 
-
 variable "postgres_version" {
   type = string
   description = "Postgres version to use"
-  default = "11"
+  default = "10"
 }
 
 variable "ssl_enforcement" {
diff --git a/terraform/providers/dev/identities.tf b/terraform/providers/dev/identities.tf
new file mode 100644
index 00000000..0def7ce6
--- /dev/null
+++ b/terraform/providers/dev/identities.tf
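Review bot: The new `default = "atat_master"` on `administrator_login` still hard-codes the database admin login in the module, and the `administrator_login_password` context line a few lines below keeps a literal password default, so both halves of the credential remain committed on the new side; the FIXME is carried over rather than acted on. Dropping the `default` on both variables makes every caller supply them explicitly, which is what the planned Key Vault wrapper needs anyway, and Terraform will then refuse to plan without a value instead of silently using the shared default. The committed password should be treated as exposed and rotated, since removing the line later does not remove it from history.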
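Review bot: `default = "10"` lowers the default Postgres major version from 11 to 10 with no rationale in the hunk or in the variable's description, and for a server that already exists this is likely a replacement rather than a settings change, so the intent is worth stating where the value lives. The older release line also reaches end of support sooner, which a later reader should be able to see was a deliberate trade-off and not a typo. A one-line annotation such as `default = "10" # 11 not usable here because <reason>; revisit` would cover it.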
@@ -0,0 +1,8 @@
+module "keyvault_reader_identity" {
+  source = "../../modules/managed_identity"
+  name = var.name
+  owner = var.owner
+  environment = var.environment
+  region = var.region
+  identity = "${var.name}-${var.environment}-vault-reader"
+}
diff --git a/terraform/providers/dev/k8s.tf b/terraform/providers/dev/k8s.tf
index 22120c93..4515f35f 100644
--- a/terraform/providers/dev/k8s.tf
+++ b/terraform/providers/dev/k8s.tf
@@ -9,10 +9,18 @@ module "k8s" {
   vnet_subnet_id = module.vpc.subnets #FIXME - output from module.vpc.subnets should be map
 }
 
-module "lb" {
-  source = "../../modules/lb"
-  region = var.region
-  name = var.name
-  environment = var.environment
-  owner = var.owner
-}
+#module "main_lb" {
+#  source = "../../modules/lb"
+#  region = var.region
+#  name = "main-${var.name}"
+#  environment = var.environment
+#  owner = var.owner
+#}
+
+#module "auth_lb" {
+#  source = "../../modules/lb"
+#  region = var.region
+#  name = "auth-${var.name}"
+#  environment = var.environment
+#  owner = var.owner
+#}
diff --git a/terraform/providers/dev/secrets-tool.log b/terraform/providers/dev/secrets-tool.log
new file mode 100644
index 00000000..e69de29b
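Review bot: `identity = "${var.name}-${var.environment}-vault-reader"` gets prefixed a second time inside the module, whose main.tf builds both the resource group name and the identity name as `"${var.name}-${var.environment}-${var.identity}"`, so the Azure names come out as `<name>-<env>-<name>-<env>-vault-reader`. Passing only the role-specific suffix, `identity = "vault-reader"`, yields the intended `<name>-<env>-vault-reader`. Nothing in this file consumes the module yet and the module's outputs.tf is empty in this commit, so the reader identity is not wired to any Key Vault access policy; a `# TODO: grant this identity read access on the key vault once the module exports principal_id` on the module call would flag that the setup is incomplete.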
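Review bot: The removed `module "lb"` block is replaced by two commented-out module blocks, `main_lb` and `auth_lb`, which leave dead configuration in the file with nothing saying whether they are pending or abandoned; commented-out infrastructure is easy to re-enable without review and drifts from the module's interface as that module changes. Either delete them and rely on history, or keep one live declaration and add a one-line reason above the disabled blocks, e.g. `# Load balancers disabled until the ingress design is settled - see <tracking issue>`. Separately, this commit also adds an empty `terraform/providers/dev/secrets-tool.log`; a log file produced by a secrets tool belongs in `.gitignore`, not under version control, so later runs cannot commit their output by accident.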