[DEVOPS-1259]Update pipeline to CI only KV (#2854)

* Update pipeline to CI only KV
2026-01-03 09:03:44 +00:00 · 2023-04-17 14:06:57 +01:00
parent 09c1b2e07e
commit 972a500745
6 changed files with 22 additions and 15 deletions
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -280,11 +280,16 @@ jobs:
      - name: Login to PROD ACR
        run: az acr login -n bitwardenprod

+      - name: Login to Azure - CI Subscription
+        uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf
+        with:
+          creds: ${{ secrets. AZURE_KV_CI_SERVICE_PRINCIPAL }}
+
      - name: Retrieve github PAT secrets
        id: retrieve-secret-pat
        uses: bitwarden/gh-actions/get-keyvault-secrets@c3b3285993151c5af47cefcb3b9134c28ab479af
        with:
-          keyvault: "bitwarden-prod-kv"
+          keyvault: "bitwarden-ci"
          secrets: "github-pat-bitwarden-devops-bot-repo-scope"

      - name: Retrieve secrets
@@ -292,7 +297,7 @@ jobs:
        id: retrieve-secrets
        uses: bitwarden/gh-actions/get-keyvault-secrets@c3b3285993151c5af47cefcb3b9134c28ab479af
        with:
-          keyvault: "bitwarden-prod-kv"
+          keyvault: "bitwarden-ci"
          secrets: "docker-password,
            docker-username,
            dct-delegate-2-repo-passphrase,
@@ -570,7 +575,7 @@ jobs:
        uses: bitwarden/gh-actions/get-keyvault-secrets@c3b3285993151c5af47cefcb3b9134c28ab479af
        if: failure()
        with:
-          keyvault: "bitwarden-prod-kv"
+          keyvault: "bitwarden-ci"
          secrets: "devops-alerts-slack-webhook-url"

      - name: Notify Slack on failure