Alan-Jowett / CoPilot-For-Consensus / 20981240031
82%

DEFAULT BRANCH: main
Ran
Jobs 0
Files 0
Run time
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst
20981240031

push

github

web-flow 
fix(infra): Remove secrets from environment variables, use secret_provider architecture (#855)

* fix: support both appinsights and azure secret names in metrics schema

The Bicep deployment creates Key Vault secrets with these names:
- appinsights-instrumentation-key
- appinsights-connection-string

But the schema was looking for:
- azure_connection_string
- azure_monitor_instrumentation_key

Updated the schema to try both naming conventions for backward compatibility with local dev and Bicep deployments.

* Revert "fix: support both appinsights and azure secret names in metrics schema"

This reverts commit aa51f2710.

* fix: align Azure Monitor secret names with schema expectations

Update Bicep deployment to create Key Vault secrets with names matching
the metrics adapter schema:
- appinsights-instrumentation-key → azure_monitor_instrumentation_key
- appinsights-connection-string → azure_connection_string

These names are expected by the copilot_config secret provider adapter
which reads them from Key Vault using the secret names defined in
docs/schemas/configs/adapters/drivers/metrics/metrics_azure_monitor.json

BREAKING: Deployments using the old secret names will need to be
redeployed to use the new naming convention.

* fix(infra): Remove secrets from environment variables, use secret_provider

Architectural fix: Secrets should be loaded via secret_provider from Key Vault
using schema secret_name field, not injected as environment variables with
@Microsoft.KeyVault(...) references.

Changes:
- Removed APPINSIGHTS_INSTRUMENTATIONKEY and APPLICATIONINSIGHTS_CONNECTION_STRING
  environment variables from all 8 microservices in containerapps.bicep
- These secrets are already in Key Vault (azure_monitor_instrumentation_key,
  azure_connection_string) and will be loaded automatically by copilot_config
  Phase 3 using the secret_provider with managed identity
- Enhanced validate_bicep_config.py to detect architectural vi... (continued)
Source Files on build 20981240031
Detailed source file information is not available for this build.