Description
At the moment there is no possibility to not storing client secrets in the terraform state, currently blocked from this provider issue.
Once is solved from the provider we have to use an ephemeral resource to store the secret in the key vault as well:
|
resource "azurerm_key_vault_secret" "this" { |
|
count = (var.client_secret.keyvault != null && var.client_secret.enabled) ? 1 : 0 |
|
key_vault_id = var.client_secret.keyvault.id |
|
name = var.client_secret.keyvault.key_name |
|
value = azuread_application_password.this[0].value |
|
|
|
} |
Tasks
Description
At the moment there is no possibility to not storing client secrets in the terraform state, currently blocked from this provider issue.
Once is solved from the provider we have to use an ephemeral resource to store the secret in the key vault as well:
tfm/modules/azure-application/main.tf
Lines 89 to 95 in e4fb6ef
Tasks
azuread_application_passwordandazurerm_key_vault_secret