diff --git a/terraform/README.md b/terraform/README.md
index 6a61175..ac61df2 100644
--- a/terraform/README.md
+++ b/terraform/README.md
@@ -137,6 +137,7 @@ No providers.
| Name | Source | Version |
|------|--------|---------|
| [azure\_container\_apps\_hosting](#module\_azure\_container\_apps\_hosting) | github.com/DFE-Digital/terraform-azurerm-container-apps-hosting | v1.5.2 |
+| [azurerm\_key\_vault](#module\_azurerm\_key\_vault) | github.com/DFE-Digital/terraform-azurerm-key-vault-tfvars | v0.4.1 |
| [statuscake-tls-monitor](#module\_statuscake-tls-monitor) | github.com/dfe-digital/terraform-statuscake-tls-monitor | v0.1.3 |
## Resources
@@ -177,6 +178,7 @@ No resources.
| [existing\_network\_watcher\_resource\_group\_name](#input\_existing\_network\_watcher\_resource\_group\_name) | Existing network watcher resource group. | `string` | n/a | yes |
| [image\_name](#input\_image\_name) | Image name | `string` | n/a | yes |
| [image\_tag](#input\_image\_tag) | Default image tag for the primary container | `string` | `"web-latest"` | no |
+| [key\_vault\_access\_ipv4](#input\_key\_vault\_access\_ipv4) | List of IPv4 Addresses that are permitted to access the Key Vault | `list(string)` | n/a | yes |
| [monitor\_email\_receivers](#input\_monitor\_email\_receivers) | A list of email addresses that should be notified by monitoring alerts | `list(string)` | n/a | yes |
| [monitor\_endpoint\_healthcheck](#input\_monitor\_endpoint\_healthcheck) | Specify a route that should be monitored for a 200 OK status | `string` | n/a | yes |
| [project\_name](#input\_project\_name) | Project name. Will be used along with `environment` as a prefix for all resources. | `string` | n/a | yes |
@@ -189,6 +191,7 @@ No resources.
| [statuscake\_contact\_group\_name](#input\_statuscake\_contact\_group\_name) | Name of the contact group in StatusCake | `string` | `""` | no |
| [statuscake\_monitored\_resource\_addresses](#input\_statuscake\_monitored\_resource\_addresses) | The URLs to perform TLS checks on | `list(string)` | `[]` | no |
| [tags](#input\_tags) | Tags to be applied to all resources | `map(string)` | n/a | yes |
+| [tfvars\_filename](#input\_tfvars\_filename) | tfvars filename. This ensures that tfvars are kept up to date in Key Vault. | `string` | n/a | yes |
| [virtual\_network\_address\_space](#input\_virtual\_network\_address\_space) | Virtual network address space CIDR | `string` | n/a | yes |
## Outputs
diff --git a/terraform/key-vault-tfvars-secrets.tf b/terraform/key-vault-tfvars-secrets.tf
index 019415f..275886b 100644
--- a/terraform/key-vault-tfvars-secrets.tf
+++ b/terraform/key-vault-tfvars-secrets.tf
@@ -1,15 +1,15 @@
-# module "azurerm_key_vault" {
-# source = "github.com/DFE-Digital/terraform-azurerm-key-vault-tfvars?ref=v0.4.1"
+module "azurerm_key_vault" {
+ source = "github.com/DFE-Digital/terraform-azurerm-key-vault-tfvars?ref=v0.4.1"
-# environment = local.environment
-# project_name = local.project_name
-# existing_resource_group = module.azure_container_apps_hosting.azurerm_resource_group_default.name
-# azure_location = local.azure_location
-# key_vault_access_use_rbac_authorization = true
-# key_vault_access_users = []
-# key_vault_access_ipv4 = local.key_vault_access_ipv4
-# tfvars_filename = local.tfvars_filename
-# diagnostic_log_analytics_workspace_id = module.azure_container_apps_hosting.azurerm_log_analytics_workspace_container_app.id
-# diagnostic_eventhub_name = ""
-# tags = local.tags
-# }
+ environment = local.environment
+ project_name = local.project_name
+ existing_resource_group = module.azure_container_apps_hosting.azurerm_resource_group_default.name
+ azure_location = local.azure_location
+ key_vault_access_use_rbac_authorization = true
+ key_vault_access_users = []
+ key_vault_access_ipv4 = local.key_vault_access_ipv4
+ tfvars_filename = local.tfvars_filename
+ diagnostic_log_analytics_workspace_id = module.azure_container_apps_hosting.azurerm_log_analytics_workspace_container_app.id
+ diagnostic_eventhub_name = ""
+ tags = local.tags
+}
diff --git a/terraform/locals.tf b/terraform/locals.tf
index 697d959..95438f5 100644
--- a/terraform/locals.tf
+++ b/terraform/locals.tf
@@ -1,34 +1,34 @@
locals {
- environment = var.environment
- project_name = var.project_name
- azure_location = var.azure_location
- tags = var.tags
- virtual_network_address_space = var.virtual_network_address_space
- enable_container_registry = var.enable_container_registry
- registry_admin_enabled = var.registry_admin_enabled
- registry_use_managed_identity = var.registry_use_managed_identity
- registry_managed_identity_assign_role = var.registry_managed_identity_assign_role
- image_name = var.image_name
- image_tag = var.image_tag
- container_command = var.container_command
- container_secret_environment_variables = var.container_secret_environment_variables
- container_scale_http_concurrency = var.container_scale_http_concurrency
- container_health_probe_protocol = var.container_health_probe_protocol
- enable_dns_zone = var.enable_dns_zone
- dns_zone_domain_name = var.dns_zone_domain_name
- dns_ns_records = var.dns_ns_records
- dns_txt_records = var.dns_txt_records
- enable_cdn_frontdoor = var.enable_cdn_frontdoor
- container_apps_allow_ips_inbound = var.container_apps_allow_ips_inbound
- cdn_frontdoor_enable_rate_limiting = var.cdn_frontdoor_enable_rate_limiting
- cdn_frontdoor_host_add_response_headers = var.cdn_frontdoor_host_add_response_headers
- cdn_frontdoor_custom_domains = var.cdn_frontdoor_custom_domains
- cdn_frontdoor_origin_fqdn_override = var.cdn_frontdoor_origin_fqdn_override
- cdn_frontdoor_origin_host_header_override = var.cdn_frontdoor_origin_host_header_override
- cdn_frontdoor_forwarding_protocol = var.cdn_frontdoor_forwarding_protocol
- enable_cdn_frontdoor_health_probe = var.enable_cdn_frontdoor_health_probe
- # key_vault_access_ipv4 = var.key_vault_access_ipv4
- # tfvars_filename = var.tfvars_filename
+ environment = var.environment
+ project_name = var.project_name
+ azure_location = var.azure_location
+ tags = var.tags
+ virtual_network_address_space = var.virtual_network_address_space
+ enable_container_registry = var.enable_container_registry
+ registry_admin_enabled = var.registry_admin_enabled
+ registry_use_managed_identity = var.registry_use_managed_identity
+ registry_managed_identity_assign_role = var.registry_managed_identity_assign_role
+ image_name = var.image_name
+ image_tag = var.image_tag
+ container_command = var.container_command
+ container_secret_environment_variables = var.container_secret_environment_variables
+ container_scale_http_concurrency = var.container_scale_http_concurrency
+ container_health_probe_protocol = var.container_health_probe_protocol
+ enable_dns_zone = var.enable_dns_zone
+ dns_zone_domain_name = var.dns_zone_domain_name
+ dns_ns_records = var.dns_ns_records
+ dns_txt_records = var.dns_txt_records
+ enable_cdn_frontdoor = var.enable_cdn_frontdoor
+ container_apps_allow_ips_inbound = var.container_apps_allow_ips_inbound
+ cdn_frontdoor_enable_rate_limiting = var.cdn_frontdoor_enable_rate_limiting
+ cdn_frontdoor_host_add_response_headers = var.cdn_frontdoor_host_add_response_headers
+ cdn_frontdoor_custom_domains = var.cdn_frontdoor_custom_domains
+ cdn_frontdoor_origin_fqdn_override = var.cdn_frontdoor_origin_fqdn_override
+ enable_cdn_frontdoor_health_probe = var.enable_cdn_frontdoor_health_probe
+ cdn_frontdoor_origin_host_header_override = var.cdn_frontdoor_origin_host_header_override
+ cdn_frontdoor_forwarding_protocol = var.cdn_frontdoor_forwarding_protocol
+ key_vault_access_ipv4 = var.key_vault_access_ipv4
+ tfvars_filename = var.tfvars_filename
enable_monitoring = var.enable_monitoring
monitor_email_receivers = var.monitor_email_receivers
enable_container_health_probe = var.enable_container_health_probe
diff --git a/terraform/variables.tf b/terraform/variables.tf
index 0aab4da..45a7037 100644
--- a/terraform/variables.tf
+++ b/terraform/variables.tf
@@ -3,15 +3,15 @@ variable "environment" {
type = string
}
-# variable "key_vault_access_ipv4" {
-# description = "List of IPv4 Addresses that are permitted to access the Key Vault"
-# type = list(string)
-# }
-
-# variable "tfvars_filename" {
-# description = "tfvars filename. This ensures that tfvars are kept up to date in Key Vault."
-# type = string
-# }
+variable "key_vault_access_ipv4" {
+ description = "List of IPv4 Addresses that are permitted to access the Key Vault"
+ type = list(string)
+}
+
+variable "tfvars_filename" {
+ description = "tfvars filename. This ensures that tfvars are kept up to date in Key Vault."
+ type = string
+}
variable "project_name" {
description = "Project name. Will be used along with `environment` as a prefix for all resources."