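#!/bin/bash
# Create Credential Manifests in Entra VerifiedID
#
# Writes one JSON manifest template per credential type into
# manifests/entra/ (relative to the repository root, two levels above this
# script), prints step-by-step Azure Portal instructions, and generates a
# small helper script that collects the resulting Manifest IDs into a
# single ENTRA_MANIFESTS JSON value.
#
# Usage: run with no arguments from anywhere inside the repository.
set -euo pipefail

readonly GREEN='\033[0;32m'
readonly BLUE='\033[0;34m'
readonly YELLOW='\033[1;33m'
readonly NC='\033[0m'

# Colored status lines. The colour codes live in the printf format so the
# escapes are interpreted; the message is passed as %s and printed verbatim.
log_info()    { printf "${BLUE}[INFO]${NC} %s\n" "$1"; }
log_success() { printf "${GREEN}[SUCCESS]${NC} %s\n" "$1"; }
log_warning() { printf "${YELLOW}[WARNING]${NC} %s\n" "$1"; }

# Work from the repository root so MANIFESTS_DIR is a stable relative path.
cd "$(dirname "$0")/../.."
readonly MANIFESTS_DIR="manifests/entra"
mkdir -p "${MANIFESTS_DIR}"

#######################################
# Write a template file from stdin.
# Arguments: $1 - file name inside MANIFESTS_DIR
# Outputs:   creates/overwrites ${MANIFESTS_DIR}/$1
#######################################
write_template() {
  local dest="${MANIFESTS_DIR}/$1"
  cat > "${dest}"
}

log_info "Credential Manifest Creation Guide"
echo ""

# Create manifest templates
log_info "Creating manifest templates..."

# Default/Identity Manifest Template
write_template default-manifest-template.json <<'EOF'
{
  "name": "The Order Identity Credential",
  "description": "Identity credential for members of The Order",
  "claims": [
    { "claim": "email", "type": "String", "required": true },
    { "claim": "name", "type": "String", "required": true },
    { "claim": "role", "type": "String", "required": false },
    { "claim": "userId", "type": "String", "required": false }
  ],
  "issuer": { "name": "The Order", "domain": "theorder.org" }
}
EOF

# Diplomatic Manifest Template
write_template diplomatic-manifest-template.json <<'EOF'
{
  "name": "The Order Letters of Credence",
  "description": "Diplomatic credential for Letters of Credence",
  "claims": [
    { "claim": "recipientName", "type": "String", "required": true },
    { "claim": "recipientTitle", "type": "String", "required": true },
    { "claim": "missionCountry", "type": "String", "required": true },
    {
      "claim": "missionType",
      "type": "String",
      "required": true,
      "enum": ["embassy", "consulate", "delegation", "mission"]
    },
    { "claim": "appointmentDate", "type": "DateTime", "required": true },
    { "claim": "expirationDate", "type": "DateTime", "required": false }
  ],
  "issuer": { "name": "The Order", "domain": "theorder.org" }
}
EOF

# Judicial Manifest Template
write_template judicial-manifest-template.json <<'EOF'
{
  "name": "The Order Judicial Appointment Credential",
  "description": "Judicial appointment credential",
  "claims": [
    {
      "claim": "role",
      "type": "String",
      "required": true,
      "enum": ["judge", "magistrate", "justice", "prosecutor"]
    },
    { "claim": "appointmentAuthority", "type": "String", "required": true },
    { "claim": "jurisdiction", "type": "String", "required": true },
    { "claim": "appointmentDate", "type": "DateTime", "required": true },
    { "claim": "termLength", "type": "Number", "required": false }
  ],
  "issuer": { "name": "The Order", "domain": "theorder.org" }
}
EOF

# Financial Manifest Template
write_template financial-manifest-template.json <<'EOF'
{
  "name": "The Order Financial Role Credential",
  "description": "Financial role credential",
  "claims": [
    {
      "claim": "role",
      "type": "String",
      "required": true,
      "enum": ["financial-officer", "treasurer", "accountant", "auditor"]
    },
    { "claim": "appointmentAuthority", "type": "String", "required": true },
    { "claim": "jurisdiction", "type": "String", "required": true },
    { "claim": "appointmentDate", "type": "DateTime", "required": true }
  ],
  "issuer": { "name": "The Order", "domain": "theorder.org" }
}
EOF

log_success "Manifest templates created in ${MANIFESTS_DIR}/"
echo ""

# Create step-by-step guide (unquoted delimiter: ${MANIFESTS_DIR} expands).
log_info "Step-by-Step Instructions:"
cat <<EOF

For each manifest type, follow these steps:

1. Go to Azure Portal → Verified ID → Credentials
   Direct link: https://portal.azure.com/#view/Microsoft_AAD_IAM/VerifiedIDBlade

2. Click 'Add credential' or 'Create new credential'

3. Choose credential type (or use 'Custom credential')

4. Configure the credential using the templates in ${MANIFESTS_DIR}/

5. For each manifest:
   - Default: Use default-manifest-template.json
   - Diplomatic: Use diplomatic-manifest-template.json
   - Judicial: Use judicial-manifest-template.json
   - Financial: Use financial-manifest-template.json

6. After creating each manifest:
   - Note the Manifest ID (displayed after creation)
   - Run: ./scripts/deploy/configure-multi-manifest.sh
   - Or manually add to ENTRA_MANIFESTS environment variable

EOF

# Create automated manifest ID collector.
# The heredoc delimiter is quoted so nothing below is expanded here; the
# generated script is self-contained. IDs are JSON-escaped before being
# spliced into the ENTRA_MANIFESTS value so a pasted value containing a
# quote or backslash cannot produce malformed JSON or an extra key.
cat > "${MANIFESTS_DIR}/collect-manifest-ids.sh" <<'COLLECT_SCRIPT'
#!/bin/bash
# Collect Manifest IDs after creation
# Run this after creating manifests in Azure Portal
set -euo pipefail

# Escape the two characters that terminate or alter a JSON string literal.
# Arguments: $1 - raw value
# Outputs:   escaped value on stdout (no trailing newline)
json_escape() {
  local s=$1
  s=${s//\\/\\\\}
  s=${s//\"/\\\"}
  printf '%s' "$s"
}

echo "Enter Manifest IDs (press Enter to skip optional ones):"
echo ""
# -r keeps backslashes in pasted IDs intact instead of treating them as escapes.
read -r -p "Default Manifest ID: " DEFAULT_ID
read -r -p "Diplomatic Manifest ID (optional): " DIPLOMATIC_ID
read -r -p "Judicial Manifest ID (optional): " JUDICIAL_ID
read -r -p "Financial Manifest ID (optional): " FINANCIAL_ID

# The default manifest is the only mandatory entry; refuse to emit an
# ENTRA_MANIFESTS value with an empty default ID.
if [[ -z "${DEFAULT_ID}" ]]; then
  printf 'Default Manifest ID is required.\n' >&2
  exit 1
fi

MANIFESTS="{"
MANIFESTS+="\"default\":\"$(json_escape "${DEFAULT_ID}")\""
if [[ -n "${DIPLOMATIC_ID}" ]]; then
  MANIFESTS+=",\"diplomatic\":\"$(json_escape "${DIPLOMATIC_ID}")\""
fi
if [[ -n "${JUDICIAL_ID}" ]]; then
  MANIFESTS+=",\"judicial\":\"$(json_escape "${JUDICIAL_ID}")\""
fi
if [[ -n "${FINANCIAL_ID}" ]]; then
  MANIFESTS+=",\"financial\":\"$(json_escape "${FINANCIAL_ID}")\""
fi
MANIFESTS+="}"

# The value below is printed inside single quotes for .env use; a single
# quote inside an ID would end that quoting early, so flag it.
if [[ "${MANIFESTS}" == *"'"* ]]; then
  printf "Warning: a Manifest ID contains a single quote; adjust the quoting before adding it to .env.\n" >&2
fi

echo ""
echo "ENTRA_MANIFESTS='${MANIFESTS}'"
echo ""
echo "Add this to your .env file or Kubernetes secrets"
COLLECT_SCRIPT

chmod +x "${MANIFESTS_DIR}/collect-manifest-ids.sh"

log_success "Manifest creation guide complete!"
log_info "Templates saved to: ${MANIFESTS_DIR}/"
log_info "After creating manifests, run: ${MANIFESTS_DIR}/collect-manifest-ids.sh"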