diff --git a/hashicorp-vault/iac/modules/app_roles/main.tf b/hashicorp-vault/iac/modules/app_roles/main.tf
index c152694..27a855d 100644
--- a/hashicorp-vault/iac/modules/app_roles/main.tf
+++ b/hashicorp-vault/iac/modules/app_roles/main.tf
@@ -35,7 +35,7 @@ resource "vault_database_secret_backend_role" "role" {
 "GRANT ${local.owner_role} TO \"{{name}}\";",
 ]
 revocation_statements = [
- "REASSIGN OWNED BY \"{{name}}\" TO ${local.owner_role};", # reassign must be executed in the database where the reassgined objects are - TODO (one connection per database/app)
+ "REASSIGN OWNED BY \"{{name}}\" TO ${local.owner_role};", # reassign must be executed in the database where the reassgined objects are - TODO (one connection per database/app)
 "REVOKE ALL ON DATABASE ${local.database} FROM \"{{name}}\";", # should we drop the role ? -> YES after fixing reassign
 ]
 renew_statements = []
diff --git a/hashicorp-vault/iac/variables.tf b/hashicorp-vault/iac/variables.tf
index 49a16af..5c89240 100644
--- a/hashicorp-vault/iac/variables.tf
+++ b/hashicorp-vault/iac/variables.tf
@@ -11,9 +11,9 @@ variable "POSTGRES_CREDENTIALS_EDITOR_PASSWORD" {
 }
 variable "applications" {
 type = set(object({
- name = string
- policies = optional(list(string), [])
- service_account_names = optional(list(string), [])
+ name = string
+ policies = optional(list(string), [])
+ service_account_names = optional(list(string), [])
 service_account_namespaces = optional(list(string), [])
 # Multi-env extension: list of envs this app deploys to. Defaults to ["prod"] for
 # every existing app — backwards compatible by the elision rule. Non-prod envs