the_order/scripts/deploy/store-entra-secrets.sh

#!/bin/bash
#
# Store Entra ID secrets in Azure Key Vault
# Run this after completing manual Entra ID setup
#

set -euo pipefail

SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
source "${SCRIPT_DIR}/config.sh"

log_info "Storing Entra ID secrets in Azure Key Vault..."

# Prompt for values if not in environment
if [ -z "${ENTRA_TENANT_ID:-}" ]; then
  read -p "Enter Entra Tenant ID: " ENTRA_TENANT_ID
fi

if [ -z "${ENTRA_CLIENT_ID:-}" ]; then
  read -p "Enter Entra Client ID: " ENTRA_CLIENT_ID
fi

if [ -z "${ENTRA_CLIENT_SECRET:-}" ]; then
  read -sp "Enter Entra Client Secret: " ENTRA_CLIENT_SECRET
  echo
fi

if [ -z "${ENTRA_CREDENTIAL_MANIFEST_ID:-}" ]; then
  read -p "Enter Entra Credential Manifest ID: " ENTRA_CREDENTIAL_MANIFEST_ID
fi

# Store secrets
az keyvault secret set \
  --vault-name "${KEY_VAULT_NAME}" \
  --name "entra-tenant-id" \
  --value "${ENTRA_TENANT_ID}" \
  || error_exit "Failed to store tenant ID"

az keyvault secret set \
  --vault-name "${KEY_VAULT_NAME}" \
  --name "entra-client-id" \
  --value "${ENTRA_CLIENT_ID}" \
  || error_exit "Failed to store client ID"

az keyvault secret set \
  --vault-name "${KEY_VAULT_NAME}" \
  --name "entra-client-secret" \
  --value "${ENTRA_CLIENT_SECRET}" \
  || error_exit "Failed to store client secret"

az keyvault secret set \
  --vault-name "${KEY_VAULT_NAME}" \
  --name "entra-credential-manifest-id" \
  --value "${ENTRA_CREDENTIAL_MANIFEST_ID}" \
  || error_exit "Failed to store manifest ID"

log_success "Entra ID secrets stored in Key Vault"