
Commit 4f8a5e6

Switch deploy workflows to use Key Vault references for connection strings and JWT key
1 parent 05006b1 commit 4f8a5e6

2 files changed

Lines changed: 15 additions & 16 deletions


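--- a/.github/workflows/deploy-api.yml
+++ b/.github/workflows/deploy-api.yml
@@ -62,20 +62,19 @@ jobs:
 
 - name: Configure App Service settings
 env:
-API_CONN: ${{ secrets.API_DB_CONNECTION_STRING }}
 IDS_URL: ${{ secrets.IDENTITY_SERVER_URL }}
-JWT_KEY: ${{ secrets.JWT_KEY }}
 ANGULAR_URL: ${{ secrets.ANGULAR_APP_URL }}
+KV_URI: ${{ secrets.KEY_VAULT_URI }}
 run: |
 az webapp config appsettings set \
 --resource-group ${{ env.RESOURCE_GROUP }} \
 --name ${{ env.APP_SERVICE_NAME }} \
 --settings \
-"ConnectionStrings__DefaultConnection=$API_CONN" \
+"ConnectionStrings__DefaultConnection=@Microsoft.KeyVault(SecretUri=${KV_URI}secrets/ConnectionStrings--DefaultConnection)" \
+"JWTSettings__Key=@Microsoft.KeyVault(SecretUri=${KV_URI}secrets/JWTSettings--Key)" \
 "Sts__ServerUrl=$IDS_URL" \
 "Sts__ValidIssuer=$IDS_URL" \
 "Sts__Audience=app.api.talentmanagement" \
-"JWTSettings__Key=$JWT_KEY" \
 "JWTSettings__Issuer=CoreIdentity" \
 "JWTSettings__Audience=CoreIdentityUser" \
 "JWTSettings__DurationInMinutes=60" \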
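Review bot: The two added `@Microsoft.KeyVault(SecretUri=${KV_URI}secrets/...)` settings build the URI by plain concatenation, so they are only well-formed when the `KEY_VAULT_URI` secret ends in `/`, and nothing in the step checks that. As far as I know App Service hands the app the literal reference text when a reference cannot be resolved, which for `JWTSettings__Key` would mean tokens signed with a guessable string rather than a failed start. Assuming the step runs under bash, fail fast before the `az` call with `[[ "$KV_URI" == https://*/ ]] || { echo "KEY_VAULT_URI must be an https URI ending in /" >&2; exit 1; }`, and check after deployment that both references report as resolved. The same concatenation appears in both hunks of deploy-identityserver.yml; the step's `run` block continues past the end of this hunk.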

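--- a/.github/workflows/deploy-identityserver.yml
+++ b/.github/workflows/deploy-identityserver.yml
@@ -72,18 +72,18 @@ jobs:
 
 - name: Configure STS App Service settings
 env:
-IDS_CONN: ${{ secrets.IDS_DB_CONNECTION_STRING }}
 IDS_URL: ${{ secrets.IDENTITY_SERVER_URL }}
 ADMIN_URL: ${{ secrets.IDENTITY_ADMIN_URL }}
+KV_URI: ${{ secrets.KEY_VAULT_URI }}
 run: |
 az webapp config appsettings set \
 --resource-group ${{ env.RESOURCE_GROUP }} \
 --name ${{ env.APP_SERVICE_NAME }} \
 --settings \
-"ConnectionStrings__ConfigurationDbConnection=$IDS_CONN" \
-"ConnectionStrings__PersistedGrantDbConnection=$IDS_CONN" \
-"ConnectionStrings__IdentityDbConnection=$IDS_CONN" \
-"ConnectionStrings__DataProtectionDbConnection=$IDS_CONN" \
+"ConnectionStrings__ConfigurationDbConnection=@Microsoft.KeyVault(SecretUri=${KV_URI}secrets/ConnectionStrings--IdsDbConnection)" \
+"ConnectionStrings__PersistedGrantDbConnection=@Microsoft.KeyVault(SecretUri=${KV_URI}secrets/ConnectionStrings--IdsDbConnection)" \
+"ConnectionStrings__IdentityDbConnection=@Microsoft.KeyVault(SecretUri=${KV_URI}secrets/ConnectionStrings--IdsDbConnection)" \
+"ConnectionStrings__DataProtectionDbConnection=@Microsoft.KeyVault(SecretUri=${KV_URI}secrets/ConnectionStrings--IdsDbConnection)" \
 "AdminConfiguration__IdentityServerBaseUrl=$IDS_URL" \
 "AdminConfiguration__IdentityAdminBaseUrl=$ADMIN_URL" \
 "CspTrustedDomains__0=www.gravatar.com" \
@@ -95,20 +95,20 @@ jobs:
 
 - name: Configure Admin App Service settings
 env:
-IDS_CONN: ${{ secrets.IDS_DB_CONNECTION_STRING }}
 IDS_URL: ${{ secrets.IDENTITY_SERVER_URL }}
 ADMIN_URL: ${{ secrets.IDENTITY_ADMIN_URL }}
+KV_URI: ${{ secrets.KEY_VAULT_URI }}
 run: |
 az webapp config appsettings set \
 --resource-group ${{ env.RESOURCE_GROUP }} \
 --name ${{ env.ADMIN_APP_SERVICE_NAME }} \
 --settings \
-"ConnectionStrings__ConfigurationDbConnection=$IDS_CONN" \
-"ConnectionStrings__PersistedGrantDbConnection=$IDS_CONN" \
-"ConnectionStrings__IdentityDbConnection=$IDS_CONN" \
-"ConnectionStrings__AdminLogDbConnection=$IDS_CONN" \
-"ConnectionStrings__AdminAuditLogDbConnection=$IDS_CONN" \
-"ConnectionStrings__DataProtectionDbConnection=$IDS_CONN" \
+"ConnectionStrings__ConfigurationDbConnection=@Microsoft.KeyVault(SecretUri=${KV_URI}secrets/ConnectionStrings--IdsDbConnection)" \
+"ConnectionStrings__PersistedGrantDbConnection=@Microsoft.KeyVault(SecretUri=${KV_URI}secrets/ConnectionStrings--IdsDbConnection)" \
+"ConnectionStrings__IdentityDbConnection=@Microsoft.KeyVault(SecretUri=${KV_URI}secrets/ConnectionStrings--IdsDbConnection)" \
+"ConnectionStrings__AdminLogDbConnection=@Microsoft.KeyVault(SecretUri=${KV_URI}secrets/ConnectionStrings--IdsDbConnection)" \
+"ConnectionStrings__AdminAuditLogDbConnection=@Microsoft.KeyVault(SecretUri=${KV_URI}secrets/ConnectionStrings--IdsDbConnection)" \
+"ConnectionStrings__DataProtectionDbConnection=@Microsoft.KeyVault(SecretUri=${KV_URI}secrets/ConnectionStrings--IdsDbConnection)" \
 "AdminConfiguration__IdentityServerBaseUrl=$IDS_URL" \
 "AdminConfiguration__IdentityAdminRedirectUri=$ADMIN_URL/signin-oidc" \
 "SeedConfiguration__ApplySeed=false" \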
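Review bot: All ten connection-string settings in the STS and Admin steps resolve to the single secret `ConnectionStrings--IdsDbConnection`, so the STS app's identity presumably reads the same database credential that backs `AdminLogDbConnection` and `AdminAuditLogDbConnection`. That mirrors the old single `$IDS_CONN`, but the move to Key Vault is the natural point to split it: if the audit log can use its own login, give it a separate secret that only the Admin app's identity may read. Independently, build the reference once, e.g. `IDS_REF="@Microsoft.KeyVault(SecretUri=${KV_URI}secrets/ConnectionStrings--IdsDbConnection)"`, and write `"ConnectionStrings__IdentityDbConnection=$IDS_REF"`, so a typo in one of the repeated lines cannot leave a single setting unresolved. Both `run` blocks continue outside their hunks.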
