Integrate Azure Key Vault + secrets into Sample Projects

[bryansan-local]

• Create key vault and secret in Bicep and Bash scripts with Azure CLI. I haven't done it in Terraform since Key Vault doesn't work there yet.
• Read secret manually from code with the Python Key Vault SDK just for completeness and coverage.

PS: I still have to add certificates to the samples. I'm currently working on that

SMF-336

[paolosalvatori]

Hi @bryansan-local sorry for coming late to the PR, could also please update all the README.md files to include Key Vault? I see that the Terraform modules were not modified. Is this because the Azure Key Vault emulator does not work yet with the AzureRM Terraform provider? This means that with a sample that deploys and uses Key Vault only via scripts and Bicep, but not Terraform. Is this correct? In this case, we need to add a disclaimer to the README.md under the terraform folder. I can change the diagram, no worries.

[bryansan-local]

Hi @bryansan-local sorry for coming late to the PR, could also please update all the README.md files to include Key Vault? I see that the Terraform modules were not modified. Is this because the Azure Key Vault emulator does not work yet with the AzureRM Terraform provider? This means that with a sample that deploys and uses Key Vault only via scripts and Bicep, but not Terraform. Is this correct? In this case, we need to add a disclaimer to the README.md under the terraform folder. I can change the diagram, no worries.

Do you mean add mentions to key vault in the readme of the examples? I am absolutely no fan at all of the large code examples we have in the readme

On the other hand, yes, terraform doesn't support keyvault until we have the certificate we have been waiting for months and change the urls

[paolosalvatori]

Hi @bryansan-local sorry for coming late to the PR, could also please update all the README.md files to include Key Vault? I see that the Terraform modules were not modified. Is this because the Azure Key Vault emulator does not work yet with the AzureRM Terraform provider? This means that with a sample that deploys and uses Key Vault only via scripts and Bicep, but not Terraform. Is this correct? In this case, we need to add a disclaimer to the README.md under the terraform folder. I can change the diagram, no worries.

Do you mean add mentions to key vault in the readme of the examples? I am absolutely no fan at all of the large code examples we have in the readme

On the other hand, yes, terraform doesn't support keyvault until we have the certificate we have been waiting for months and change the urls

Well, I thought you were going to create a separate sample rather than updating an existing one! 🙂

Since your addition changed the overall architecture of the current sample, this needs to be reflected in the README files for consistency. Think about it: if you were consulting a sample online, how would you evaluate the article if the companion code and deployment artifacts provisioned something different than what was described?

Specifically, the use of Azure Key Vault is currently unmentioned, and the architecture diagram is now outdated. I can handle the diagram, but it’s good practice for you to update the README yourself to ensure the documentation matches the implementation. Thanks!

[paolosalvatori]

@bryansan-local I will turn the modified into a separate sample with no Terraform in addition to the original sample with no Azure Key Vault, but with Terraform deployment. So no need to do anything. Regarding your comment on boxes with large pieces of code, we can consider to remove them and replace them with a reminder to the scripts. When I'm done, I'll reach out to you.

[bryansan-local]

I agree with the readme mention to keyvault. I just haven't finished with the samples.

My vote for the web app is to not duplicate it and just wait for the fix of keyvault in terraform. Having two samples 90% identical is just redundant. I would just keep terraform broken for the time being until I can fix the thing. That is why I modified the existing one and not added one. As soon as I have my cert I will run and fix it

[paolosalvatori]

I agree with the readme mention to keyvault. I just haven't finished with the samples.

My vote for the web app is to not duplicate it and just wait for the fix of keyvault in terraform. Having two samples 90% identical is just redundant. I would just keep terraform broken for the time being until I can fix the thing. That is why I modified the existing one and not added one. As soon as I have my cert I will run and fix it

I agree, but in this case we need to temporarily remove Terraform deployment or add a disclaimer.

[bryansan-local]

Will do it

[paolosalvatori]

Will do it

I'm removing large blocks of code (even if customers love them, trust me), and doing other changes. I'll ping you when done.