ci: add lysnr kv seeder

scripts/seed-lysnr-kv.sh

@@ -0,0 +1,68 @@
+#!/usr/bin/env bash
+# seeds LysnrAI secrets into kv-mywisprai using environment variables
+set -euo pipefail
+
+VAULT_NAME=${AZURE_KEYVAULT_NAME:-kv-mywisprai}
+
+SECRETS=(
+  lysnr-cosmos-endpoint
+  lysnr-cosmos-key
+  lysnr-jwt-secret
+  lysnr-stripe-secret-key
+  lysnr-stripe-webhook-secret
+  lysnr-billing-internal-key
+  lysnr-blob-connection-string
+  lysnr-blob-account-key
+  lysnr-seed-secret
+  lysnr-azure-speech-key
+  lysnr-azure-openai-key
+  lysnr-azure-openai-endpoint
+  lysnr-gemini-api-key
+)
+
+VARS=(
+  LYSNR_COSMOS_ENDPOINT
+  LYSNR_COSMOS_KEY
+  LYSNR_JWT_SECRET
+  LYSNR_STRIPE_SECRET_KEY
+  LYSNR_STRIPE_WEBHOOK_SECRET
+  LYSNR_BILLING_INTERNAL_KEY
+  LYSNR_BLOB_CONNECTION_STRING
+  LYSNR_BLOB_ACCOUNT_KEY
+  LYSNR_SEED_SECRET
+  LYSNR_SPEECH_KEY
+  LYSNR_OPENAI_KEY
+  LYSNR_OPENAI_ENDPOINT
+  LYSNR_GEMINI_API_KEY
+)
+
+require_var() {
+  local name="$1"
+  local value="${!name:-}"
+  if [[ -z "$value" ]]; then
+    echo "❌ missing env var $name"
+    exit 1
+  fi
+  echo "$value"
+}
+
+echo "✅ Using Key Vault: $VAULT_NAME"
+
+total=${#SECRETS[@]}
+
+for ((i=0; i<total; i++)); do
+  secret="${SECRETS[$i]}"
+  var="${VARS[$i]}"
+  value=$(require_var "$var")
+  printf "Setting %s from %s… " "$secret" "$var"
+  az keyvault secret set \
+    --vault-name "$VAULT_NAME" \
+    --name "$secret" \
+    --value "$value" >/dev/null
+  echo "done"
+done
+
+echo
+
+echo "🎉 All LysnrAI secrets seeded. Verify with:"
+echo "  az keyvault secret list --vault-name $VAULT_NAME --query \"[?starts_with(name,'lysnr-')]\" --output table"