Description
When applying Terraform, especially an environment-updating change, everything gets applied successfully except when Key Vault tries to update the DB password, and then it fails with an error message like this:

This is valid because we do not want to update the db password, but we still need Terraform Apply to end successfully because this causes GitHub Actions workflows to fail.
I have gotten Terraform Apply to end successfully by adding this feature to the azurerm provider:
    provider "azurerm" {
      features {
        key_vault {
          purge_soft_delete_on_destroy    = true
          recover_soft_deleted_key_vaults = true
        }
      }
    }
and changing the purge_protection_enabled option to true in the Key Vault module, but this will create a new password. We ran out of time to test and make sure this doesn't break anything, but from what I noticed the db was still able to read from the older password (I think because the recover_soft_deleted_key_vaults option is enabled?).
Acceptance Criteria
Either somehow turn this error into a warning to keep Terraform from failing, verify the soft purge option is a solid fix for this, or use a better way to work around the persistence of this Key Vault secret.
Additional context