localstack · DrisDary · Apr 2, 2026 · Apr 1, 2026 · Apr 1, 2026 · Apr 1, 2026
@@ -11,7 +11,7 @@ set -euo pipefail
 # - LocalStack CLI
 # - Terraform CLI
 # - azlocal & terraform-local (pip install azlocal terraform-local)
-# - funclocal (pip install funclocal)
+# - Azure Functions Core Tools (func)
 # - Azure Functions Core Tools (func)
 # - jq & zip (sudo apt-get install jq zip)
 # - MSSQL Tools (sqlcmd)
@@ -96,7 +96,6 @@ fi
 command -v localstack >/dev/null 2>&1 || { echo >&2 "localstack CLI is required but not installed. Aborting."; exit 1; }
 command -v az >/dev/null 2>&1 || { echo >&2 "az CLI is required but not installed. Aborting."; exit 1; }
 command -v azlocal >/dev/null 2>&1 || { echo >&2 "azlocal is required but not installed. Run 'pip install azlocal'. Aborting."; exit 1; }
-command -v funclocal >/dev/null 2>&1 || { echo >&2 "funclocal is required but not installed. Run 'pip install azlocal'. Aborting."; exit 1; }
 #command -v tflocal >/dev/null 2>&1 || { echo >&2 "tflocal is required but not installed. Run 'pip install terraform-local'. Aborting."; exit 1; }
 command -v terraform >/dev/null 2>&1 || { echo >&2 "terraform CLI is required but not installed. Aborting."; exit 1; }
 command -v func >/dev/null 2>&1 || { echo >&2 "Azure Functions Core Tools (func) is required but not installed. Aborting."; exit 1; }

@@ -119,6 +119,7 @@ fi
 # Get the output values
 RESOURCE_GROUP_NAME=$(terraform output -raw resource_group_name)
 STORAGE_ACCOUNT_NAME=$(terraform output -raw storage_account_name)
+KEY_VAULT_NAME=$(terraform output -raw key_vault_name)
 ACR_NAME=$(terraform output -raw acr_name)
 ACI_GROUP_NAME=$(terraform output -raw aci_group_name)
 FQDN=$(terraform output -raw fqdn)
@@ -129,6 +130,7 @@ echo "Deployment Complete!"
 echo "============================================================"
 echo "Resource Group:    $RESOURCE_GROUP_NAME"
 echo "Storage Account:   $STORAGE_ACCOUNT_NAME"
+echo "Key Vault:         $KEY_VAULT_NAME"
 echo "ACR:               $ACR_NAME"
 echo "ACI Container:     $ACI_GROUP_NAME"
 echo "FQDN:              $FQDN"

@@ -2,10 +2,14 @@
 locals {
   resource_group_name  = "${var.prefix}-aci-rg"
   storage_account_name = "${var.prefix}acistorage${var.suffix}"
+  key_vault_name       = "${var.prefix}acikv${var.suffix}"
   acr_name             = "${var.prefix}aciacr${var.suffix}"
   aci_group_name       = "${var.prefix}-aci-planner-${var.suffix}"
 }
 
+# Get the current client configuration (for tenant_id)
+data "azurerm_client_config" "current" {}
+
 # Create a resource group
 resource "azurerm_resource_group" "example" {
   name     = local.resource_group_name
@@ -37,6 +41,30 @@ resource "azurerm_storage_container" "example" {
   container_access_type = "private"
 }
 
+# Create Key Vault
+resource "azurerm_key_vault" "example" {
+  name                       = local.key_vault_name
+  resource_group_name        = azurerm_resource_group.example.name
+  location                   = azurerm_resource_group.example.location
+  tenant_id                  = data.azurerm_client_config.current.tenant_id
+  sku_name                   = "standard"
+  enable_rbac_authorization  = true
+  tags                       = var.tags
+
+  lifecycle {
+    ignore_changes = [
+      tags
+    ]
+  }
+}
+
+# Store the storage connection string in Key Vault
+resource "azurerm_key_vault_secret" "storage_conn" {
+  name         = "storage-conn"
+  value        = "DefaultEndpointsProtocol=http;AccountName=${azurerm_storage_account.example.name};AccountKey=${azurerm_storage_account.example.primary_access_key};BlobEndpoint=${azurerm_storage_account.example.primary_blob_endpoint}"
+  key_vault_id = azurerm_key_vault.example.id
+}
+
 # Reference the pre-created ACR (created by deploy.sh before terraform apply)
 data "azurerm_container_registry" "example" {
   name                = local.acr_name
@@ -76,7 +104,7 @@ resource "azurerm_container_group" "example" {
     }
 
     secure_environment_variables = {
-      AZURE_STORAGE_CONNECTION_STRING = "DefaultEndpointsProtocol=http;AccountName=${azurerm_storage_account.example.name};AccountKey=${azurerm_storage_account.example.primary_access_key};BlobEndpoint=${azurerm_storage_account.example.primary_blob_endpoint}"
+      AZURE_STORAGE_CONNECTION_STRING = azurerm_key_vault_secret.storage_conn.value
     }
   }
 

@@ -6,6 +6,10 @@ output "storage_account_name" {
   value = azurerm_storage_account.example.name
 }
 
+output "key_vault_name" {
+  value = azurerm_key_vault.example.name
+}
+
 output "acr_name" {
   value = data.azurerm_container_registry.example.name
 }

@@ -24,14 +24,7 @@ ENVIRONMENT=$(az account show --query environmentName --output tsv)
 # Change the current directory to the script's directory
 cd "$CURRENT_DIR" || exit
 
-# Choose the appropriate CLI based on the environment
-if [[ $ENVIRONMENT == "LocalStack" ]]; then
-	echo "Using funclocal for LocalStack emulator environment."
-	FUNC="funclocal"
-else
-	echo "Using standard func for AzureCloud environment."
-	FUNC="func"
-fi
+FUNC="func"
 
 # Create a resource group
 echo "Checking if resource group [$RESOURCE_GROUP_NAME] exists in the subscription [$SUBSCRIPTION_NAME]..."