From 62c8b4c77d6e533f78d10fae0346b3e5cd411509 Mon Sep 17 00:00:00 2001
From: Opeyemi <54288773+Eeebru@users.noreply.github.com>
Date: Mon, 17 Apr 2023 18:03:32 +0100
Subject: [PATCH] [DEVOPS-1259] reupdate CI-only KV SP (#2858)

* reupdate CI-only KV SP

* add some edits
---
 .github/workflows/build-self-host.yml          | 4 ++--
 .github/workflows/build.yml                    | 6 +++---
 .github/workflows/container-registry-purge.yml | 4 ++--
 .github/workflows/release.yml                  | 7 ++++++-
 .github/workflows/stop-staging-slots.yml       | 9 +++++++--
 .github/workflows/version-bump.yml             | 4 ++--
 6 files changed, 22 insertions(+), 12 deletions(-)

diff --git a/.github/workflows/build-self-host.yml b/.github/workflows/build-self-host.yml
index 785460df40..f00c85ca81 100644
--- a/.github/workflows/build-self-host.yml
+++ b/.github/workflows/build-self-host.yml
@@ -64,7 +64,7 @@ jobs:
       - name: Login to Azure - CI Subscription
         uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf
         with:
-          creds: ${{ secrets. AZURE_KV_CI_SERVICE_PRINCIPAL }}
+          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
 
       - name: Retrieve github PAT secrets
         id: retrieve-secret-pat
@@ -169,7 +169,7 @@ jobs:
         uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf
         if: failure()
         with:
-          creds: ${{ secrets. AZURE_KV_CI_SERVICE_PRINCIPAL }}
+          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
 
       - name: Retrieve secrets
         id: retrieve-secrets
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index f7f4c71811..65adc85a7f 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -283,7 +283,7 @@ jobs:
       - name: Login to Azure - CI Subscription
         uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf
         with:
-          creds: ${{ secrets. AZURE_KV_CI_SERVICE_PRINCIPAL }}
+          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
 
       - name: Retrieve github PAT secrets
         id: retrieve-secret-pat
@@ -564,11 +564,11 @@ jobs:
               exit 1
           fi
 
-      - name: Login to Azure - Prod Subscription
+      - name: Login to Azure - CI subscription
         uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf
         if: failure()
         with:
-          creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
+          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
 
       - name: Retrieve secrets
         id: retrieve-secrets
diff --git a/.github/workflows/container-registry-purge.yml b/.github/workflows/container-registry-purge.yml
index 09cf68e296..984ef8675a 100644
--- a/.github/workflows/container-registry-purge.yml
+++ b/.github/workflows/container-registry-purge.yml
@@ -84,11 +84,11 @@ jobs:
               exit 1
           fi
 
-      - name: Login to Azure - Prod Subscription
+      - name: Login to Azure - CI subscription
         uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf
         if: failure()
         with:
-          creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
+          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
 
       - name: Retrieve secrets
         id: retrieve-secrets
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index c2dada71e5..0f38546e0c 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -108,6 +108,11 @@ jobs:
         with:
           creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
 
+      - name: Login to Azure - CI subscription
+        uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf
+        with:
+          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
+
       - name: Retrieve secrets
         id: retrieve-secrets
         env:
@@ -238,7 +243,7 @@ jobs:
         if: matrix.origin_docker_repo == 'bitwarden'
         uses: bitwarden/gh-actions/setup-docker-trust@a8c384a05a974c05c48374c818b004be221d43ff
         with:
-          azure-creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
+          azure-creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
           azure-keyvault-name: "bitwarden-ci"
 
       - name: Pull latest project image
diff --git a/.github/workflows/stop-staging-slots.yml b/.github/workflows/stop-staging-slots.yml
index a2e0120f5b..76ae4b9b9f 100644
--- a/.github/workflows/stop-staging-slots.yml
+++ b/.github/workflows/stop-staging-slots.yml
@@ -28,10 +28,10 @@ jobs:
           echo "NAME_LOWER: $NAME_LOWER"
           echo "name_lower=$NAME_LOWER" >> $GITHUB_OUTPUT
 
-      - name: Login to Azure
+      - name: Login to Azure - CI Subscription
         uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf
         with:
-          creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
+          creds: ${{ secrets.AZURE_KV_CI_SERRVICE_PRINCIPAL }}
 
       - name: Retrieve secrets
         id: retrieve-secrets
@@ -46,6 +46,11 @@ jobs:
           echo "::add-mask::$webapp_name"
           echo "webapp-name=$webapp_name" >> $GITHUB_OUTPUT
 
+      - name: Login to Azure
+        uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf
+        with:
+          creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
+
       - name: Stop staging slot
         env:
           SERVICE: ${{ matrix.name }}
diff --git a/.github/workflows/version-bump.yml b/.github/workflows/version-bump.yml
index 335951fed7..026c678623 100644
--- a/.github/workflows/version-bump.yml
+++ b/.github/workflows/version-bump.yml
@@ -16,10 +16,10 @@ jobs:
       - name: Checkout Branch
         uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579
 
-      - name: Login to Azure - Prod Subscription
+      - name: Login to Azure - CI Subscription
         uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf
         with:
-         creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
+         creds: ${{ secrets.AZURE_CI_KV_SERVICE_PRINCIPAL }}
 
       - name: Retrieve secrets
         id: retrieve-secrets