Merge pull request #12 from data-platform-hq/fix_ingore_rotated_key

fix: ignore tde key id on rotation
data-platform-hq · Sep 26, 2023 · a1a0c3c · a1a0c3c
2 parents fa886d2 + 80b3d4e
commit a1a0c3c
Showing 1 changed file with 5 additions and 0 deletions.
diff --git a/main.tf b/main.tf
@@ -48,6 +48,11 @@ resource "azurerm_mssql_server_transparent_data_encryption" "this" {
   key_vault_key_id      = var.key_vault_key_id
   auto_rotation_enabled = var.auto_rotation_enabled
 
+  # When automated TDE Key rotation is enabled, it is required to ignore new Key id for state consistency. 
+  lifecycle {
+    ignore_changes = [key_vault_key_id]
+  }
+
   depends_on = [azurerm_key_vault_access_policy.tde_policy]
 }