use the unique-string based keyvault names (#462)

src/api-service/__app__/onefuzzlib/secrets.py

@@ -4,6 +4,7 @@
 # Licensed under the MIT License.
 
 
+import os
 from typing import Tuple, Type, TypeVar, cast
 from urllib.parse import urlparse
 from uuid import uuid4
@@ -12,7 +13,7 @@ from azure.keyvault.secrets import KeyVaultSecret
 from onefuzztypes.models import SecretAddress, SecretData
 from pydantic import BaseModel
 
-from .azure.creds import get_instance_name, get_keyvault_client
+from .azure.creds import get_keyvault_client
 
 A = TypeVar("A", bound=BaseModel)
 
@@ -43,7 +44,8 @@ def get_secret_string_value(self: SecretData[str]) -> str:
 
 def get_keyvault_address() -> str:
     # https://docs.microsoft.com/en-us/azure/key-vault/general/about-keys-secrets-certificates#vault-name-and-object-name
-    return f"https://{get_instance_name()}-vault.vault.azure.net"
+    keyvault_name = os.environ["ONEFUZZ_KEYVAULT"]
+    return f"https://{keyvault_name}.vault.azure.net"
 
 
 def store_in_keyvault(

src/deployment/azuredeploy.json

@@ -57,7 +57,7 @@
         "Network Contributor": "4d97b98b-1d4f-4787-a291-c67834d212e7",
         "Storage Account Contributor": "17d1049b-9a84-46fb-8f53-869881c3d3ab",
         "Virtual Machine Contributor": "9980e02c-c2be-4d73-94e8-173b1dc7cf3c",
-        "keyVaultName": "[concat(parameters('name'), '-vault')]"
+        "keyVaultName": "[concat('of-kv-', uniquestring(resourceGroup().id))]"
     },
     "functions": [
         {
@@ -234,6 +234,10 @@
                             "name": "ONEFUZZ_MONITOR",
                             "value": "[variables('monitorAccountName')]"
                         },
+                        {
+                            "name": "ONEFUZZ_KEYVAULT",
+                            "value": "[variables('keyVaultName')]"
+                        },
                         {
                             "name": "ONEFUZZ_OWNER",
                             "value": "[parameters('owner')]"