diff --git a/src/api-service/__app__/onefuzzlib/secrets.py b/src/api-service/__app__/onefuzzlib/secrets.py
index 7f787b727..14c9209cf 100644
--- a/src/api-service/__app__/onefuzzlib/secrets.py
+++ b/src/api-service/__app__/onefuzzlib/secrets.py
@@ -4,6 +4,7 @@
 # Licensed under the MIT License.
+import os
 from typing import Tuple, Type, TypeVar, cast
 from urllib.parse import urlparse
 from uuid import uuid4
@@ -12,7 +13,7 @@ from azure.keyvault.secrets import KeyVaultSecret
 from onefuzztypes.models import SecretAddress, SecretData
 from pydantic import BaseModel
-from .azure.creds import get_instance_name, get_keyvault_client
+from .azure.creds import get_keyvault_client
 A = TypeVar("A", bound=BaseModel)
@@ -43,7 +44,8 @@ def get_secret_string_value(self: SecretData[str]) -> str:
 def get_keyvault_address() -> str:
 # https://docs.microsoft.com/en-us/azure/key-vault/general/about-keys-secrets-certificates#vault-name-and-object-name
- return f"https://{get_instance_name()}-vault.vault.azure.net"
+ keyvault_name = os.environ["ONEFUZZ_KEYVAULT"]
+ return f"https://{keyvault_name}.vault.azure.net"
 def store_in_keyvault(
diff --git a/src/deployment/azuredeploy.json b/src/deployment/azuredeploy.json
index 95580ba6e..7a034539b 100644
--- a/src/deployment/azuredeploy.json
+++ b/src/deployment/azuredeploy.json
@@ -57,7 +57,7 @@
 "Network Contributor": "4d97b98b-1d4f-4787-a291-c67834d212e7",
 "Storage Account Contributor": "17d1049b-9a84-46fb-8f53-869881c3d3ab",
 "Virtual Machine Contributor": "9980e02c-c2be-4d73-94e8-173b1dc7cf3c",
- "keyVaultName": "[concat(parameters('name'), '-vault')]"
+ "keyVaultName": "[concat('of-kv-', uniquestring(resourceGroup().id))]"
 },
 "functions": [
 {
@@ -234,6 +234,10 @@
 "name": "ONEFUZZ_MONITOR",
 "value": "[variables('monitorAccountName')]"
 },
+ {
+ "name": "ONEFUZZ_KEYVAULT",
+ "value": "[variables('keyVaultName')]"
+ },
 {
 "name": "ONEFUZZ_OWNER",
 "value": "[parameters('owner')]"
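Review bot: In `get_keyvault_address` (the `@@ -43,7 +44,8 @@` hunk of secrets.py), `os.environ["ONEFUZZ_KEYVAULT"]` is placed into the URL host with no check, and a missing setting surfaces only as a bare `KeyError`. That host is where the service presents its Key Vault credential, so it is worth accepting nothing but a plain vault name (3 to 24 letters, digits and hyphens) and failing with a message that names the setting. For example `keyvault_name = os.environ.get("ONEFUZZ_KEYVAULT", "")` followed by `if not re.fullmatch(r"[A-Za-z0-9-]{3,24}", keyvault_name): raise ValueError("ONEFUZZ_KEYVAULT is unset or not a valid Key Vault name")`, which also needs `import re` next to the new `import os`. The function lies entirely inside the hunk.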
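Review bot: The new `keyVaultName` value in the `@@ -57,7 +57,7 @@` hunk of azuredeploy.json no longer derives from `parameters('name')`, and nothing in this diff covers instances already deployed under the old `<name>-vault` name. As far as the hunk shows, redeploying such an instance would create a second vault and leave previously stored secrets, along with their access policies, in the old one. Whether stored secret addresses keep resolving depends on code outside this diff, so confirm that before merging. ARM template JSON has no comment syntax, so the upgrade step belongs in the commit description or release notes, for example: `Upgrading: secrets stored in <name>-vault are not migrated; move or re-create them in the new vault, then remove the old vault.`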