fix: removed the Unused resource key vault

[Dhruvkumar-Microsoft]

Purpose

This pull request removes all code related to Key Vault provisioning and secret export from the infrastructure templates. The main impact is that Key Vaults are no longer created or managed by these modules, and secrets are not exported to Key Vaults as part of the deployment. The code is simplified by removing parameters, types, modules, and outputs related to Key Vaults and secret export functionality.

Key Vault removal and related changes:

• Removed the keyVault module and all associated parameters, variables, and resource dependencies from infra/main.bicep and infra/main_custom.bicep, including DNS zone references and index entries. [1] [2] [3] [4] [5] [6]
• Deleted the entire infra/modules/keyVault.bicep file, removing the definition for provisioning Key Vault resources.
• Deleted the infra/modules/ai-foundry/keyVaultExport.bicep file, removing the logic for exporting secrets to Key Vaults.

Secret export functionality removal:

• Removed the secretsExportConfiguration parameter, type, and related logic from infra/modules/ai-foundry/aifoundry.bicep and infra/modules/ai-foundry/dependencies.bicep. This includes removing the module invocation for exporting secrets and the output for exported secrets. [1] [2] [3] [4] [5] [6]
• Removed the secretsExportConfigurationType type definition from multiple files. [1] [2] [3]

Documentation update:

• Updated the README.md to remove mention of Azure Key Vault usage.

These changes simplify the infrastructure codebase and remove Key Vault as a managed dependency, so any Key Vault-related functionality must now be handled externally.

Does this introduce a breaking change?

• Yes
• No

Golden Path Validation

• I have tested the primary workflows (the "golden path") to ensure they function correctly without errors.

Deployment Validation

• I have validated the deployment process successfully and all services are running as expected with this change.

What to Check

Verify that the following are valid

• ...

Other Information

[Copilot]

Pull request overview

This PR removes Key Vault provisioning and the associated “export secrets to Key Vault” infrastructure path, simplifying the deployment templates so Key Vault is no longer created/managed by this accelerator.

Changes:

• Removed the Key Vault deployment module and its private DNS zone entry/indexing from infra/main.bicep and infra/main_custom.bicep.
• Removed the AI Foundry secrets-export-to-Key Vault capability (parameter/type, module invocation, and outputs) from the AI Foundry modules.
• Updated the README security section to remove Key Vault mention; updated generated infra/main.json accordingly.

Reviewed changes

Copilot reviewed 8 out of 9 changed files in this pull request and generated 2 comments.

Show a summary per file

File	Description
README.md	Removes Key Vault mention from security guidelines.
infra/main.bicep	Drops Key Vault DNS zone/index and removes Key Vault module deployment.
infra/main_custom.bicep	Mirrors main template by removing Key Vault DNS zone/index and Key Vault module deployment.
infra/main.json	Regenerated ARM template reflecting Key Vault and secrets-export removal.
infra/modules/keyVault.bicep	Deleted Key Vault provisioning module.
infra/modules/ai-foundry/keyVaultExport.bicep	Deleted module that exported secrets to Key Vault.
infra/modules/ai-foundry/dependencies.bicep	Removes secrets export configuration/module; exportedSecrets output now empty.
infra/modules/ai-foundry/aifoundry.bicep	Removes secrets export configuration parameter/type wiring to dependencies module.
infra/modules/ai-foundry/ai-services.bicep	Removes exported secrets configuration type.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.