Merge pull request #11 from pamelafox/secret-keyvault

README.md

@@ -118,7 +118,7 @@ It is important to secure the databases in web applications to prevent unwanted
 This infrastructure uses the following mechanisms to secure the PostgreSQL database:
 
 * Azure Firewall: The database is accessible only from other Azure IPs, not from public IPs. (Note that includes other customers using Azure).
-* Admin Username: Unique string generated based on subscription ID and stored in Key Vault.
+* Admin Username: Randomly generated and stored in Key Vault.
 * Admin Password: Randomly generated and stored in Key Vault.
 * PostgreSQL Version: Latest available on Azure, version 14, which includes security improvements.
 * Django Admin Interface: The URL (typically "/admin") is a unique string generated based on the App Service Plan ID.

infra/main.bicep

@@ -11,7 +11,7 @@ param location string
 
 @secure()
 @description('PostGreSQL Server administrator username')
-param postgresAdminUser string = 'admin${uniqueString(subscription().subscriptionId)}'
+param postgresAdminUser string
 
 @secure()
 @description('PostGreSQL Server administrator password')
@@ -163,3 +163,4 @@ module logAnalyticsWorkspace 'core/monitor/loganalytics.bicep' = {
 
 output WEB_URI string = 'https://${web.outputs.uri}'
 output AZURE_LOCATION string = location
+output AZURE_KEY_VAULT_NAME string = keyVault.outputs.name

infra/main.parameters.json

@@ -11,6 +11,9 @@
       "principalId": {
         "value": "${AZURE_PRINCIPAL_ID}"
       },
+      "postgresAdminUser": {
+        "value": "$(secretOrRandomPassword ${AZURE_KEY_VAULT_NAME} postgresAdminUser)"
+      },
       "postgresAdminPassword": {
         "value": "$(secretOrRandomPassword ${AZURE_KEY_VAULT_NAME} postgresAdminPassword)"
       },