Description
Deployed resources often require secrets (connection strings, API keys). Git-ape's copilot-instructions.md mentions Key Vault references (@Microsoft.KeyVault(...)) but there's no automated Key Vault provisioning or secrets wiring in the template generator.
Scope
- Auto-provision Key Vault — When a deployment includes resources that need secrets, auto-include a Key Vault in the template.
- Key Vault references — All app settings that contain secrets use
@Microsoft.KeyVault(...) references instead of inline values.
- Secrets rotation guidance — Post-deployment runbook section on secrets rotation.
- Managed identity access — Auto-configure managed identity access policies on the Key Vault.
Acceptance Criteria
Description
Deployed resources often require secrets (connection strings, API keys). Git-ape's
copilot-instructions.mdmentions Key Vault references (@Microsoft.KeyVault(...)) but there's no automated Key Vault provisioning or secrets wiring in the template generator.Scope
@Microsoft.KeyVault(...)references instead of inline values.Acceptance Criteria