microsoft / symphony

CI/CD for IaC on multiple orchestrators
MIT License

AzDO - support for identity federation #239

Open DariuszPorowski opened 8 months ago

DariuszPorowski commented 8 months ago

https://learn.microsoft.com/en-us/azure/devops/pipelines/library/connect-to-azure?view=azure-devops#create-an-azure-resource-manager-service-connection-using-workload-identity-federation

kewalaka commented 4 months ago

This would be a good opportunity to make the keyvault optional, in my opinion. Other remaining variables are not sensitive and could be sourced from the JSON file.

Having a central keyvault managing secrets for multiple workloads is not aligned to the Well-Architected Framework (I understand, this is just for the foundational artifacts, but still... if it can be done securely without a KV, then win-win 😊).