Alan-Jowett / CoPilot-For-Consensus / 20626659897 / 13
78%
main: 78%

Build:
DEFAULT BRANCH: main
Ran 31 Dec 2025 08:33PM UTC
Files 7
Run time 0s

31 Dec 2025 08:29PM UTC coverage: 87.461%. First build
20626659897.13

push

github

web-flow
Add automated JWT key generation via Key Vault deployment script (#663)

* Add automated JWT key generation via Key Vault deployment script

- Add jwtkeys.bicep module to generate RSA 2048 keypair per deployment using openssl in Azure CLI container
- Store generated keys as secrets in Key Vault for auth service consumption
- Grant deployment script identity write permissions on Key Vault secrets
- Wire JWT secret URIs into Container Apps auth service environment
- Add jwtForceUpdateTag parameter to main.bicep for key regeneration control
- Create dedicated UAMI for deployment script execution with KV write access
- Fix BCP318 warnings with non-null assertions on conditional modules

Related to #647. Future enhancement tracked in #655 for Key Vault sign operations.

Signed-off-by: GitHub Copilot <copilot@github.com>

* Fix JWT key secret handling and add Key Vault provider support

- Add trap for explicit temp directory cleanup in deployment script
- Configure Container Apps to use Azure Key Vault provider directly instead of env vars
- Revert auth.json JWT keys to use secret provider (source: secret)
- Pass Key Vault name to Container Apps via AZURE_KEYVAULT_NAME env var
- Remove Key Vault secret URI parameters from Container Apps
- Add 'azurekeyvault' alias to secret provider factory
- Update jwtkeys module outputs to return Key Vault name instead of secret URIs

This ensures secrets are pulled directly from Key Vault by containers using
managed identity authentication, rather than being exposed via environment
variables. Follows security best practice of not sharing secrets via env vars.

Addresses PR review comments.

Signed-off-by: GitHub Copilot <copilot@github.com>

* Fix secret naming convention to use underscores

Revert JWT secret names from hyphenated (jwt-private-key) to underscore
convention (jwt_private_key) to match original schema and codebase standards.

Signed-off-by: GitHub Copilot <copilot@github.com>

* feat(secrets): Add automatic... (continued)

279 of 319 relevant lines covered (87.46%)

0.87 hits per line

Source Files on job copilot_schema_validation - 20626659897.13
  • 45bfd3c3 on github