70 lines
1.8 KiB
Bash
Executable File
70 lines
1.8 KiB
Bash
Executable File
#!/usr/bin/env bash
|
|
# seed-keyvault.sh — Populate Azure Key Vault with all LysnrAI secrets.
|
|
#
|
|
# Prerequisites:
|
|
# 1. az login
|
|
# 2. A .env file with all secret values (or set them as env vars)
|
|
#
|
|
# Usage:
|
|
# ./scripts/seed-keyvault.sh # uses default vault
|
|
# AZURE_KEYVAULT_URL=https://kv-mywisprai.vault.azure.net ./scripts/seed-keyvault.sh
|
|
#
|
|
set -euo pipefail
|
|
|
|
VAULT_NAME="${AZURE_KEYVAULT_NAME:-kv-mywisprai}"
|
|
|
|
# Load .env if present
|
|
if [ -f .env ]; then
|
|
set -a; source .env; set +a
|
|
fi
|
|
|
|
echo "🔐 Seeding Azure Key Vault: $VAULT_NAME"
|
|
echo ""
|
|
|
|
# Map: KV secret name → env var name
|
|
declare -A SECRETS=(
|
|
["lysnr-cosmos-endpoint"]="COSMOS_ENDPOINT"
|
|
["lysnr-cosmos-key"]="COSMOS_KEY"
|
|
["lysnr-jwt-secret"]="JWT_SECRET"
|
|
["lysnr-stripe-secret-key"]="STRIPE_SECRET_KEY"
|
|
["lysnr-stripe-webhook-secret"]="STRIPE_WEBHOOK_SECRET"
|
|
["lysnr-billing-internal-key"]="BILLING_INTERNAL_KEY"
|
|
["lysnr-blob-connection-string"]="AZURE_BLOB_CONNECTION_STRING"
|
|
["lysnr-blob-account-key"]="AZURE_BLOB_ACCOUNT_KEY"
|
|
["lysnr-gemini-api-key"]="GEMINI_API_KEY"
|
|
["lysnr-seed-secret"]="SEED_SECRET"
|
|
["lysnr-azure-speech-key"]="AZURE_SPEECH_KEY"
|
|
["lysnr-azure-openai-key"]="AZURE_OPENAI_KEY"
|
|
["lysnr-azure-openai-endpoint"]="AZURE_OPENAI_ENDPOINT"
|
|
)
|
|
|
|
ok=0
|
|
skip=0
|
|
fail=0
|
|
|
|
for kv_name in "${!SECRETS[@]}"; do
|
|
env_var="${SECRETS[$kv_name]}"
|
|
value="${!env_var:-}"
|
|
|
|
if [ -z "$value" ]; then
|
|
echo " ⚠️ SKIP $kv_name ($env_var not set)"
|
|
((skip++))
|
|
continue
|
|
fi
|
|
|
|
if az keyvault secret set \
|
|
--vault-name "$VAULT_NAME" \
|
|
--name "$kv_name" \
|
|
--value "$value" \
|
|
--output none 2>/dev/null; then
|
|
echo " ✅ SET $kv_name"
|
|
((ok++))
|
|
else
|
|
echo " ❌ FAIL $kv_name"
|
|
((fail++))
|
|
fi
|
|
done
|
|
|
|
echo ""
|
|
echo "Done: $ok set, $skip skipped, $fail failed"
|