Promote SSL Cert (#7091)

* update key vault secret id for ssl certificate * Replace hardcoded SSL certificate reference with dynamic retrieval from Azure Key Vault * fix(app_service): use dynamic key vault secret id instead of hardcoded value
CDCgov · Dec 15, 2023 · aa25fb9 · aa25fb9
1 parent f8c7ff0
commit aa25fb9
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 7 deletions.
diff --git a/ops/prod/app_gateway_url_redirects.tf b/ops/prod/app_gateway_url_redirects.tf
@@ -154,12 +154,12 @@ resource "azurerm_application_gateway" "www_redirect" {
     frontend_ip_configuration_name = local.frontend_config
     frontend_port_name             = local.https_listener
     protocol                       = "Https"
-    ssl_certificate_name           = "new-sr-wildcard"
+    ssl_certificate_name           = data.azurerm_key_vault_certificate.wildcard_simplereport_gov.name
   }
 
   ssl_certificate {
-    name                = "new-sr-wildcard"
-    key_vault_secret_id = "https://simple-report-global.vault.azure.net/secrets/new-sr-wildcard/387cec9bcc254ac7970aa21311b075fc"
+    name                = data.azurerm_key_vault_certificate.wildcard_simplereport_gov.name
+    key_vault_secret_id = data.azurerm_key_vault_certificate.wildcard_simplereport_gov.secret_id
   }
 
   ssl_policy {

diff --git a/ops/services/app_gateway/main.tf b/ops/services/app_gateway/main.tf
@@ -251,12 +251,12 @@ resource "azurerm_application_gateway" "load_balancer" {
     frontend_ip_configuration_name = local.frontend_config
     frontend_port_name             = local.https_listener
     protocol                       = "Https"
-    ssl_certificate_name           = "new-sr-wildcard"
+    ssl_certificate_name           = data.azurerm_key_vault_certificate.wildcard_simplereport_gov.name
   }
 
   ssl_certificate {
-    name                = "new-sr-wildcard"
-    key_vault_secret_id = "https://simple-report-global.vault.azure.net/secrets/new-sr-wildcard/387cec9bcc254ac7970aa21311b075fc"
+    name                = data.azurerm_key_vault_certificate.wildcard_simplereport_gov.name
+    key_vault_secret_id = data.azurerm_key_vault_certificate.wildcard_simplereport_gov.secret_id
   }
 
   ssl_policy {

diff --git a/ops/services/app_service/main.tf b/ops/services/app_service/main.tf
@@ -200,7 +200,7 @@ resource "azurerm_app_service_certificate" "app" {
   name                = "new-sr-wildcard"
   resource_group_name = var.resource_group_name
   location            = var.resource_group_location
-  key_vault_secret_id = "https://simple-report-global.vault.azure.net/certificates/new-sr-wildcard/387cec9bcc254ac7970aa21311b075fc"
+  key_vault_secret_id = data.azurerm_key_vault_certificate.wildcard_simplereport_gov.secret_id
 }
 
 resource "azurerm_app_service_certificate_binding" "app" {