diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 0b4e1ba8e2..47eef1845f 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -321,20 +321,13 @@ jobs: github.ref == 'refs/heads/rc' || github.ref == 'refs/heads/hotfix-rc') id: retrieve-secrets - env: - KEYVAULT: bitwarden-prod-kv - SECRETS: | - docker-password, - docker-username, - dct-delegate-2-repo-passphrase, - dct-delegate-2-key - run: | - for i in ${SECRETS//,/ } - do - VALUE=$(az keyvault secret show --vault-name $KEYVAULT --name $i --query value --output tsv) - echo "::add-mask::$VALUE" - echo "::set-output name=$i::$VALUE" - done + uses: Azure/get-keyvault-secrets@b5c723b9ac7870c022b8c35befe620b7009b336f + with: + keyvault: "bitwarden-prod-kv" + secrets: "docker-password, + docker-username, + dct-delegate-2-repo-passphrase, + dct-delegate-2-key" - name: Log into Docker if: | @@ -517,20 +510,13 @@ jobs: with: creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }} - - name: Retrieve Secrets + - name: Retrieve secrets id: retrieve-secrets + uses: Azure/get-keyvault-secrets@b5c723b9ac7870c022b8c35befe620b7009b336f if: failure() - env: - KEYVAULT: bitwarden-prod-kv - SECRETS: | - devops-alerts-slack-webhook-url - run: | - for i in ${SECRETS//,/ } - do - VALUE=$(az keyvault secret show --vault-name $KEYVAULT --name $i --query value --output tsv) - echo "::add-mask::$VALUE" - echo "::set-output name=$i::$VALUE" - done + with: + keyvault: "bitwarden-prod-kv" + secrets: "devops-alerts-slack-webhook-url" - name: Notify Slack on failure uses: act10ns/slack@da3191ebe2e67f49b46880b4633f5591a96d1d33 # v1.2.2 diff --git a/.github/workflows/container-registry-purge.yml b/.github/workflows/container-registry-purge.yml index 3b96a559a6..7bb1d69288 100644 --- a/.github/workflows/container-registry-purge.yml +++ b/.github/workflows/container-registry-purge.yml 
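Review bot: The added `uses: Azure/get-keyvault-secrets@b5c723b9ac7870c022b8c35befe620b7009b336f` line in the `retrieve-secrets` step pins a commit but carries no release comment, unlike `act10ns/slack@da3191ebe2e67f49b46880b4633f5591a96d1d33 # v1.2.2` further down this file. Without it, a reviewer cannot tell which release of the action now reads the production Key Vault values, and a later bump of the SHA is hard to audit. I would append the tag the SHA was taken from, e.g. `uses: Azure/get-keyvault-secrets@b5c723b9ac7870c022b8c35befe620b7009b336f # <release tag>`. The same applies to the `uses:` lines added in the second build.yml hunk, in container-registry-purge.yml and in qa-deploy.yml. The step's `if:` condition begins above this hunk.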
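Review bot: In this `Retrieve secrets` step, `if: failure()` now sits between `uses:` and `with:`, whereas the step changed in the first hunk appears to keep its condition ahead of `id:` and `uses:`. The order is valid YAML, but it separates the action from its inputs and makes it easy to overlook that the step only runs on failure. I would keep the file consistent: `id: retrieve-secrets`, then `if: failure()`, then the `uses:` line, then `with:`. The container-registry-purge.yml hunk has the same ordering.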
@@ -81,18 +81,11 @@ jobs: - name: Retrieve secrets id: retrieve-secrets + uses: Azure/get-keyvault-secrets@b5c723b9ac7870c022b8c35befe620b7009b336f if: failure() - env: - KEYVAULT: bitwarden-prod-kv - SECRETS: | - devops-alerts-slack-webhook-url - run: | - for i in ${SECRETS//,/ } - do - VALUE=$(az keyvault secret show --vault-name $KEYVAULT --name $i --query value --output tsv) - echo "::add-mask::$VALUE" - echo "::set-output name=$i::$VALUE" - done + with: + keyvault: "bitwarden-prod-kv" + secrets: "devops-alerts-slack-webhook-url" - name: Notify Slack on failure uses: act10ns/slack@da3191ebe2e67f49b46880b4633f5591a96d1d33 diff --git a/.github/workflows/qa-deploy.yml b/.github/workflows/qa-deploy.yml index 969856cf19..47e3569410 100644 --- a/.github/workflows/qa-deploy.yml +++ b/.github/workflows/qa-deploy.yml @@ -38,19 +38,12 @@ jobs: - name: Retrieve secrets id: retrieve-secrets - env: - KEYVAULT: bitwarden-qa-kv - SECRETS: | - mssql-server-host, - mssql-admin-login, - mssql-admin-login-password - run: | - for i in ${SECRETS//,/ } - do - VALUE=$(az keyvault secret show --vault-name $KEYVAULT --name $i --query value --output tsv) - echo "::add-mask::$VALUE" - echo "::set-output name=$i::$VALUE" - done + uses: Azure/get-keyvault-secrets@80ccd3fafe5662407cc2e55f202ee34bfff8c403 + with: + keyvault: "bitwarden-qa-kv" + secrets: "mssql-server-host, + mssql-admin-login, + mssql-admin-login-password" - name: Migrate database env:
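Review bot: `Azure/get-keyvault-secrets` is pinned to `80ccd3fafe5662407cc2e55f202ee34bfff8c403` in this qa-deploy.yml hunk, while build.yml and container-registry-purge.yml in the same commit pin `b5c723b9ac7870c022b8c35befe620b7009b336f`. That leaves two revisions of one third-party action handling vault secrets, each needing its own audit. Nothing on the line says whether the difference is intended, and the diff does not show which commit is newer. Unless the QA workflow needs a different revision, I would use the one reviewed commit everywhere: `uses: Azure/get-keyvault-secrets@b5c723b9ac7870c022b8c35befe620b7009b336f`.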