diff --git a/terraform/modules/postgres/variables.tf b/terraform/modules/postgres/variables.tf
index 3dc19af2..2ee62685 100644
--- a/terraform/modules/postgres/variables.tf
+++ b/terraform/modules/postgres/variables.tf
@@ -75,13 +75,11 @@ variable "storage_auto_grow" {
 variable "administrator_login" {
 type = string
 description = "Administrator login"
- default = "atat_master" # FIXME - Remove with wrapper using KeyVault
 }
 variable "administrator_login_password" {
 type = string
 description = "Administrator password"
- default = "eI0l7yswwtuhHpwzoVjwRKdAcuGNsg" # FIXME - Remove with wrapper using KeyVault
 }
 variable "postgres_version" {
diff --git a/terraform/providers/dev/postgres.tf b/terraform/providers/dev/postgres.tf
index 89f06e0d..53031f85 100644
--- a/terraform/providers/dev/postgres.tf
+++ b/terraform/providers/dev/postgres.tf
@@ -1,8 +1,20 @@
-module "sql" {
- source = "../../modules/postgres"
- name = var.name
- owner = var.owner
- environment = var.environment
- region = var.region
- subnet_id = module.vpc.subnets # FIXME - Should be a map of subnets and specify private
+data "azurerm_key_vault_secret" "postgres_username" {
+ name = "postgres-root-user"
+ key_vault_id = module.operator_keyvault.id
+}
+
+data "azurerm_key_vault_secret" "postgres_password" {
+ name = "postgres-root-password"
+ key_vault_id = module.operator_keyvault.id
+}
+
+module "sql" {
+ source = "../../modules/postgres"
+ name = var.name
+ owner = var.owner
+ environment = var.environment
+ region = var.region
+ subnet_id = module.vpc.subnets # FIXME - Should be a map of subnets and specify private
+ administrator_login = data.azurerm_key_vault_secret.postgres_username.value
+ administrator_login_password = data.azurerm_key_vault_secret.postgres_password.value
 }
diff --git a/terraform/providers/dev/secrets.tf b/terraform/providers/dev/secrets.tf
new file mode 100644
index 00000000..5ef43a81
--- /dev/null
+++ b/terraform/providers/dev/secrets.tf
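Review bot: In terraform/providers/dev/postgres.tf, both `azurerm_key_vault_secret` data sources put the username and password into Terraform state in clear text as soon as they are read, and the values then pass into `module "sql"` as ordinary variables. The backend for this state is not visible in the diff, so confirm it is encrypted at rest and readable only by operators. If the Terraform version in use supports it, add `sensitive = true` to `variable "administrator_login_password"` in the postgres module so plans and logs redact the value. The value stored under `postgres-root-password` should be newly generated rather than the default removed from variables.tf, which remains in repository history. Nothing in the visible hunks creates the two secrets, so a first apply presumably depends on them being populated out of band; a comment above the data blocks saying so would help.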
@@ -0,0 +1,10 @@
+module "operator_keyvault" {
+ source = "../../modules/keyvault"
+ name = "operator"
+ region = var.region
+ owner = var.owner
+ environment = var.environment
+ tenant_id = var.tenant_id
+ principal_id = ""
+ admin_principals = var.admin_users
+}
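Review bot: `principal_id = ""` passes an empty identity to the keyvault module, and how the module handles it is not visible here; if it builds an access policy from this value, the policy is either invalid or the intent is hidden from the reader. Pass the real principal, or add a comment such as `# no service principal yet; access is granted via admin_principals only`. Since this vault now holds the database root credentials, `var.admin_users` should be kept to the smallest set of operators that need to read secrets.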