diff --git a/fast/stages/2-security/README.md b/fast/stages/2-security/README.md
index 1cde6c121..ebd1a475e 100644
--- a/fast/stages/2-security/README.md
+++ b/fast/stages/2-security/README.md
@@ -182,20 +182,19 @@ A reference Certificate Authority Services (CAS) is also part of this stage, all
| name | description | type | required | default | producer |
|---|---|:---:|:---:|:---:|:---:|
| [billing_account](variables-fast.tf#L17) | Billing account id. | object({…}) | ✓ | | 0-org-setup |
-| [prefix](variables-fast.tf#L65) | Prefix used for resources that need unique names. Use a maximum of 9 chars for organizations, and 11 chars for tenants. | string | ✓ | | 0-org-setup |
+| [prefix](variables-fast.tf#L57) | Prefix used for resources that need unique names. Use a maximum of 9 chars for organizations, and 11 chars for tenants. | string | ✓ | | 0-org-setup |
| [context](variables.tf#L17) | Context-specific interpolations. | object({…}) | | {} | |
| [custom_roles](variables-fast.tf#L25) | Custom roles defined at the org level, in key => id format. | map(string) | | {} | 0-org-setup |
| [factories_config](variables.tf#L35) | Configuration for the resource factories or external data. | object({…}) | | {} | |
| [folder_ids](variables-fast.tf#L33) | Folders created in the bootstrap stage. | map(string) | | {} | 0-org-setup |
| [iam_principals](variables-fast.tf#L41) | IAM-format principals. | map(string) | | {} | 0-org-setup |
-| [kms_keys](variables-fast.tf#L49) | KMS key ids. | map(string) | | {} | 2-security |
-| [perimeters](variables-fast.tf#L57) | Optional VPC-SC perimeter ids. | map(string) | | {} | 1-vpcsc |
-| [project_ids](variables-fast.tf#L75) | Projects created in the bootstrap stage. | map(string) | | {} | 0-org-setup |
-| [service_accounts](variables-fast.tf#L83) | Service accounts created in the bootstrap stage. | map(string) | | {} | 0-org-setup |
-| [storage_buckets](variables-fast.tf#L91) | Storage buckets created in the bootstrap stage. | map(string) | | {} | 0-org-setup |
-| [tag_keys](variables-fast.tf#L99) | FAST-managed resource manager tag keys. | map(string) | | {} | 0-org-setup |
-| [tag_values](variables-fast.tf#L107) | FAST-managed resource manager tag values. | map(string) | | {} | 0-org-setup |
-| [universe](variables-fast.tf#L115) | GCP universe where to deploy projects. The prefix will be prepended to the project id. | object({…}) | | null | 0-org-setup |
+| [perimeters](variables-fast.tf#L49) | Optional VPC-SC perimeter ids. | map(string) | | {} | 1-vpcsc |
+| [project_ids](variables-fast.tf#L67) | Projects created in the bootstrap stage. | map(string) | | {} | 0-org-setup |
+| [service_accounts](variables-fast.tf#L75) | Service accounts created in the bootstrap stage. | map(string) | | {} | 0-org-setup |
+| [storage_buckets](variables-fast.tf#L83) | Storage buckets created in the bootstrap stage. | map(string) | | {} | 0-org-setup |
+| [tag_keys](variables-fast.tf#L91) | FAST-managed resource manager tag keys. | map(string) | | {} | 0-org-setup |
+| [tag_values](variables-fast.tf#L99) | FAST-managed resource manager tag values. | map(string) | | {} | 0-org-setup |
+| [universe](variables-fast.tf#L107) | GCP universe where to deploy projects. The prefix will be prepended to the project id. | object({…}) | | null | 0-org-setup |
## Outputs
diff --git a/fast/stages/2-security/main.tf b/fast/stages/2-security/main.tf
index 9fd78407e..3bcd564ec 100644
--- a/fast/stages/2-security/main.tf
+++ b/fast/stages/2-security/main.tf
@@ -31,7 +31,8 @@ locals {
_defaults = yamldecode(file(local.paths.defaults))
# extend context with our own data
ctx = merge(local._ctx, {
- folder_ids = merge(var.folder_ids, local._ctx.folder_ids)
+ custom_roles = merge(var.custom_roles, local._ctx.custom_roles)
+ folder_ids = merge(var.folder_ids, local._ctx.folder_ids)
iam_principals = merge(
var.iam_principals,
{
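Review bot: The new `custom_roles` entry in `ctx` passes `local._ctx.custom_roles` as the last argument to `merge()`, so a key defined in the stage-level context silently replaces the org-level custom role id that 0-org-setup supplies under the same key. These ids are presumably resolved into IAM bindings through the context, so a colliding key would bind a different role than the org stage defined, with nothing in the plan calling it out. The same precedence is already used for `folder_ids`, so if it is intentional, say so above the line, for example `# stage-level context wins over org-level custom roles on key collision`. The `locals` block and the `ctx` merge continue outside the hunk, so it cannot be confirmed from here that `local._ctx` always carries a `custom_roles` attribute.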
diff --git a/fast/stages/2-security/variables-fast.tf b/fast/stages/2-security/variables-fast.tf
index 6c5811024..32a50f53d 100644
--- a/fast/stages/2-security/variables-fast.tf
+++ b/fast/stages/2-security/variables-fast.tf
@@ -46,14 +46,6 @@ variable "iam_principals" {
default = {}
}
-variable "kms_keys" {
- # tfdoc:variable:source 2-security
- description = "KMS key ids."
- type = map(string)
- nullable = false
- default = {}
-}
-
variable "perimeters" {
# tfdoc:variable:source 1-vpcsc
description = "Optional VPC-SC perimeter ids."