Fix: use agency card as prefix for key vault name #354
Conversation
this will rename MST's key vault
|
So it seems like the
|
Good point that you probably want to see a successful plan before approving. I can go ahead and delete the Key Vault in dev. |
|
Ah, I see -- you were expecting this and would clean it up post merge. It's all good 👍 |
|
Hmm, we've made it very hard to fully delete our Key Vaults. We enabled purge protection on them, and once it's enabled, you can't disable it. This means when we delete a Key Vault, it is in a soft-deleted state and can be recovered within the configured retention period (ours is set to 90 days). You cannot purge the Key Vault until the retention period has passed. Here's a screenshot of my attempt at deleting + purging the MST Key Vault in dev. I recovered the Key Vault when I realized I can't actually purge it.
|
Is it possible to shorten the retention period for Eligibility Server key vaults? Like to 1 day? Via Terraform or otherwise |
No, we can't change the retention period once it's set. I just realized though that it's ok for the Key Vault to be in a soft-deleted state... we're not trying to reuse that name; we just want it to not exist so that Terraform doesn't try to delete it. 🧠 I'm gonna try again with deleting it and re-running the pipeline to get a Terraform plan |
Closes #353
Use the agency card name instead of a hard-coded
eligibility-server. Key Vault names are limited to 24 characters.Note that this will rename MST's key vault, which is ok because it just contains the Slack email for notifications.
Post-approval
lifecycle.prevent_destroyis set totruePost-merge