Merge pull request #1332 from robgil-dds/170237669-use-keyvault-for-postgres-secrets

170237669 - Converts postgres secrets to use keyvault
dandds 2020-01-17 14:10:32 -05:00 committed by GitHub
commit c4b508693a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 29 additions and 9 deletions


@ -75,13 +75,11 @@ variable "storage_auto_grow" {
variable "administrator_login" {
type = string
description = "Administrator login"
default = "atat_master" # FIXME - Remove with wrapper using KeyVault
}
variable "administrator_login_password" {
type = string
description = "Administrator password"
default = "eI0l7yswwtuhHpwzoVjwRKdAcuGNsg" # FIXME - Remove with wrapper using KeyVault
}
variable "postgres_version" {


@ -1,8 +1,20 @@
module "sql" {
source = "../../modules/postgres"
name = var.name
owner = var.owner
environment = var.environment
region = var.region
subnet_id = module.vpc.subnets # FIXME - Should be a map of subnets and specify private
data "azurerm_key_vault_secret" "postgres_username" {
name = "postgres-root-user"
key_vault_id = module.operator_keyvault.id
}
data "azurerm_key_vault_secret" "postgres_password" {
name = "postgres-root-password"
key_vault_id = module.operator_keyvault.id
}
module "sql" {
source = "../../modules/postgres"
name = var.name
owner = var.owner
environment = var.environment
region = var.region
subnet_id = module.vpc.subnets # FIXME - Should be a map of subnets and specify private
administrator_login = data.azurerm_key_vault_secret.postgres_username.value
administrator_login_password = data.azurerm_key_vault_secret.postgres_password.value
}
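Review bot: The two `data "azurerm_key_vault_secret"` lookups write `.value` into Terraform state in clear text, as does the `administrator_login_password` argument passed to the `sql` module, so this change protects the repository but not the state file. The backend is not visible in this section; I would add a comment above the data blocks such as `# secret values are persisted in state: the backend must be encrypted and access-restricted`. The default password removed from the postgres module's variables stays readable in repository history, so the value stored under `postgres-root-password` should be newly generated rather than the old literal. The secrets are also read from a vault that this same configuration creates, so a first apply presumably fails until they are populated out of band, which is worth stating in a comment.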


@ -0,0 +1,10 @@
module "operator_keyvault" {
source = "../../modules/keyvault"
name = "operator"
region = var.region
owner = var.owner
environment = var.environment
tenant_id = var.tenant_id
principal_id = ""
admin_principals = var.admin_users
}
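Review bot: `principal_id = ""` passes an empty string with no explanation, and what the keyvault module does with it is not visible here; if it feeds an access policy's object id, that policy would be rejected or meaningless. A comment on that line, for example `# no application principal: only admin_principals may read operator secrets` (if that is the intent), would make the choice reviewable. Since this vault now holds the Postgres root credentials, it is worth confirming that the permissions the module grants to `var.admin_users` are limited to the secret operations they actually need.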