[DEVOPS-1260] Update workflows to use new CI only keyvault (#5157)

* Use new CI Azure Key Vault * Change name * Fix * Fix
2026-01-08 11:33:28 +00:00 · 2023-04-11 18:37:58 +02:00
parent 7ac893ad7c
commit 2722198191
14 changed files with 53 additions and 48 deletions
--- a/.github/workflows/build-web.yml
+++ b/.github/workflows/build-web.yml
@@ -228,11 +228,16 @@ jobs:
        working-directory: apps/web
        run: unzip web-${{ env._VERSION }}-${{ matrix.artifact_name }}.zip

+      - name: Login to Azure
+        uses: Azure/login@ec3c14589bd3e9312b3cc8c41e6860e258df9010  # v1.1
+        with:
+          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
+
      - name: Retrieve github PAT secrets
        id: retrieve-secret-pat
        uses: bitwarden/gh-actions/get-keyvault-secrets@c3b3285993151c5af47cefcb3b9134c28ab479af
        with:
-          keyvault: "bitwarden-prod-kv"
+          keyvault: "bitwarden-ci"
          secrets: "github-pat-bitwarden-devops-bot-repo-scope"

      - name: Setup DCT
@@ -240,7 +245,7 @@ jobs:
        id: setup-dct
        uses: bitwarden/gh-actions/setup-docker-trust@a8c384a05a974c05c48374c818b004be221d43ff
        with:
-          azure-creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
+          azure-creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
          azure-keyvault-name: "bitwarden-prod-kv"

      - name: Build Docker image
@@ -282,13 +287,13 @@ jobs:
      - name: Login to Azure
        uses: Azure/login@ec3c14589bd3e9312b3cc8c41e6860e258df9010  # v1.1
        with:
-          creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
+          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}

      - name: Retrieve secrets
        id: retrieve-secrets
        uses: bitwarden/gh-actions/get-keyvault-secrets@c3b3285993151c5af47cefcb3b9134c28ab479af
        with:
-          keyvault: "bitwarden-prod-kv"
+          keyvault: "bitwarden-ci"
          secrets: "crowdin-api-token"

      - name: Upload Sources
@@ -342,14 +347,14 @@ jobs:
        uses: Azure/login@ec3c14589bd3e9312b3cc8c41e6860e258df9010  # v1.1
        if: failure()
        with:
-          creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
+          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}

      - name: Retrieve secrets
        id: retrieve-secrets
        if: failure()
        uses: bitwarden/gh-actions/get-keyvault-secrets@c3b3285993151c5af47cefcb3b9134c28ab479af
        with:
-          keyvault: "bitwarden-prod-kv"
+          keyvault: "bitwarden-ci"
          secrets: "devops-alerts-slack-webhook-url"

      - name: Notify Slack on failure