Core key vault firewall should not be set to "Allow public access fro…

…m all networks" #4250
microsoft · Jan 6, 2025 · 6acf7f6 · 6acf7f6
1 parent 5f27bae
commit 6acf7f6
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 1 deletion.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -31,6 +31,7 @@ ENHANCEMENTS:
 * Upgrade Python version from 3.8 to 3.12 ([#3949](https://github.com/microsoft/AzureTRE/issues/3949))Upgrade Python version from 3.8 to 3.12 (#3949)
 * Disable storage account key usage ([[#4227](https://github.com/microsoft/AzureTRE/issues/4227)])
 * Update Guacamole dependencies ([[#4232](https://github.com/microsoft/AzureTRE/issues/4232)])
+* Core key vault firewall should not be set to "Allow public access from all networks" ([#4250](https://github.com/microsoft/AzureTRE/issues/4250))
 
 BUG FIXES:
 * Update KeyVault references in API to use the version so Terraform cascades the update ([#4112](https://github.com/microsoft/AzureTRE/pull/4112))

diff --git a/core/terraform/keyvault.tf b/core/terraform/keyvault.tf
@@ -8,6 +8,11 @@ resource "azurerm_key_vault" "kv" {
   purge_protection_enabled  = var.kv_purge_protection_enabled
   tags                      = local.tre_core_tags
 
+  network_acls {
+    bypass         = "AzureServices"
+    default_action = var.enable_local_debugging ? "Allow" : "Deny"
+  }
+
   lifecycle { ignore_changes = [access_policy, tags] }
 }
 

diff --git a/core/version.txt b/core/version.txt
@@ -1 +1 @@
-__version__ = "0.11.15"
+__version__ = "0.11.16"