Merge pull request #1 from alnaimi-github/deploy-keyvault

alnuaimicoder · web-flow · commit 95c4528884af · 2024-12-18T19:17:57.000+03:00
Add Azure Key Vault module and integrate into Bicep deployment
diff --git a/README.md b/README.md
@@ -29,7 +29,7 @@ az ad sp create-for-rbac --name "Github-Actions-SP" \
 ```powershell
 az ad sp create-for-rbac --name "Github-Actions-SP" `
                          --role contributor `
-                         --scopes /subscriptions/c19b5a5a-e3a7-495b-b6e3-14dbafe30ebd `
+                         --scopes /subscriptions/c39b5a5a-e3a7-495b-b6e3-84dbafe30ebd `
                          --sdk-auth
 ```
 
diff --git a/infrastructure/main.bicep b/infrastructure/main.bicep
@@ -2,14 +2,19 @@ param location string = resourceGroup().location
 
 var uniqueId = uniqueString(resourceGroup().id)
 
-module apiService 'modules/compute/appservice.bicep'= {
+module keyVault './modules/secrets/keyvault.bicep' = {
+  name: 'keyVaultDeployment'
+  params: {
+    vaultName: 'kv-${uniqueId}'
+    location: location
+  }
+}
+
+module apiService 'modules/compute/appservice.bicep' = {
   name: 'apiDeployment'
   params: {
     location: location
     appName: 'api-${uniqueId}'
     appServiceplanName: 'plan-api-${uniqueId}'
   }
 }
-
-
-
diff --git a/infrastructure/modules/secrets/keyvault.bicep b/infrastructure/modules/secrets/keyvault.bicep
@@ -0,0 +1,20 @@
+  param location string = resourceGroup().location
+  param vaultName string
+  
+  resource keyVault 'Microsoft.KeyVault/vaults@2023-07-01' = {
+    name: vaultName
+    location: location
+    properties: {
+      sku: {
+        family: 'A'
+        name: 'standard'
+      }
+      enableRbacAuthorization: true
+      tenantId: subscription().tenantId
+   
+    }
+  }
+  
+
+  output id string = keyVault.id
+  output name string = keyVault.name
