170237669 - Converts postgres secrets to use keyvault
This changes the configuration of the postgres master username and password. Instead of committing them to source (a short-term hack), this now sources those secrets from KeyVault. Those secrets are generated and populated via secrets-tool.
@@ -1,8 +1,20 @@
|
||||
module "sql" {
|
||||
source = "../../modules/postgres"
|
||||
name = var.name
|
||||
owner = var.owner
|
||||
environment = var.environment
|
||||
region = var.region
|
||||
subnet_id = module.vpc.subnets # FIXME - Should be a map of subnets and specify private
|
||||
data "azurerm_key_vault_secret" "postgres_username" {
|
||||
name = "postgres-root-user"
|
||||
key_vault_id = module.operator_keyvault.id
|
||||
}
|
||||
|
||||
data "azurerm_key_vault_secret" "postgres_password" {
|
||||
name = "postgres-root-password"
|
||||
key_vault_id = module.operator_keyvault.id
|
||||
}
|
||||
|
||||
module "sql" {
|
||||
source = "../../modules/postgres"
|
||||
name = var.name
|
||||
owner = var.owner
|
||||
environment = var.environment
|
||||
region = var.region
|
||||
subnet_id = module.vpc.subnets # FIXME - Should be a map of subnets and specify private
|
||||
administrator_login = data.azurerm_key_vault_secret.postgres_username.value
|
||||
administrator_login_password = data.azurerm_key_vault_secret.postgres_password.value
|
||||
}
|
||||
|
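Review bot: Both `.value` reads passed into `module "sql"` (`administrator_login` and `administrator_login_password`) are still written to the Terraform state in plaintext, so moving the credentials to Key Vault only helps if the state backend is encrypted at rest and its access is restricted as tightly as the vault. The postgres module's variable declarations are not visible on this page; if the Terraform version in use supports it, declaring the password input with `sensitive = true` there would also keep it out of plan output. I would add a comment above the two data blocks, for example `# Populated by secrets-tool before apply; values are persisted in tfstate, keep the backend restricted`. Since the vault is created in the same configuration (secrets.tf), a fresh environment presumably needs the vault applied and the secrets populated before these data sources can be read, which is worth stating in that comment or the README.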
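--- a/terraform/providers/dev/secrets.tf
+++ b/terraform/providers/dev/secrets.tf
@@ -0,0 +1,10 @@
+module "operator_keyvault" {
+source = "../../modules/keyvault"
+name = "operator"
+region = var.region
+owner = var.owner
+environment = var.environment
+tenant_id = var.tenant_id
+principal_id = ""
+admin_principals = var.admin_users
+}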
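Review bot: `principal_id = ""` passes an empty principal to the keyvault module with no explanation, and the module source is not visible here, so it is unclear whether an empty value skips an access policy or tries to create one for an empty object id. A comment on that line would settle it, for example `# no service principal yet; access is granted only through admin_principals`, or the module input could be made optional so the argument can be dropped. Because this vault holds the postgres root credentials, `var.admin_users` is effectively the list of identities that can read them; it should be kept to the operators and the identity that runs Terraform, and a short comment on `admin_principals` saying so would help the next reader.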