Locks down keyvaults to subnets and administrator ip addresses

terraform/providers/dev/keyvault.tf

@@ -7,5 +7,8 @@ module "keyvault" {
   tenant_id        = var.tenant_id
   principal_id     = "f9bcbe58-8b73-4957-aee2-133dc3e58063"
   admin_principals = var.admin_users
+  policy           = "Deny"
+  subnet_ids       = [module.vpc.subnets]
+  whitelist        = var.admin_user_whitelist
 }
 

terraform/providers/dev/secrets.tf

@@ -7,4 +7,7 @@ module "operator_keyvault" {
   tenant_id        = var.tenant_id
   principal_id     = ""
   admin_principals = var.admin_users
+  policy           = "Deny"
+  subnet_ids       = [module.vpc.subnets]
+  whitelist        = var.admin_user_whitelist
 }