Skip to content

Allowed networks for keyvault resources

Arturo Hernandez [EPAM] requested to merge 264-ah/allowed-networks into master

All Submissions:


  • [YES] Have you added an explanation of what your changes do and why you'd like us to include them?
  • [YES] I have updated the documentation accordingly.
  • [YES] My code follows the code style of this project.

Current Behavior or Linked Issues


Terraform manages some secret values in the keyvault, when backend_network_access_enabled = true the keyvault access will not be allowed anymore from anywhere, meaning that terraform will not be able to manage secrets anymore.

To overcome this we introduced new variable with backend_access_allowed_networks = ["X.X.X.X/X"] ip addresses whitelist, which by default uses the azure devops ip addresses ranges defined in docs

Does this introduce a breaking change?


  • [NO] By defect this feature it is not enabled, this is only aimed for customer which are using the backend netwroks access disabled feature.

Other information


As for now we are implementing this for azure keyvault, potentially for other resources this will be handy, however, would recommend to make different issues to address different resources, as some of them can be tricky (such as redis).

Closes #264 (closed)

Merge request reports

Loading