Pull Plus cert/key from Azure Vault

Author: pdabelf5

.github/workflows/build-base-images.yml

@@ -122,6 +122,40 @@ jobs:
       - name: Checkout Repository
         uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 
+      - name: Azure login
+        uses: azure/login@a457da9ea143d694b1b9c7c869ebb04ebe844ef5 # v2.3.0
+        with:
+          client-id: ${{ secrets.AZURE_VAULT_CLIENT_ID }}
+          tenant-id: ${{ secrets.AZURE_VAULT_TENANT_ID }}
+          subscription-id: ${{ secrets.AZURE_VAULT_SUBSCRIPTION_ID }}
+
+      - name: Setup secrets
+        id: secrets
+        run: |
+          echo "Setting secrets for job"
+          PLUS_CREDS=$(az keyvault secret show --name plus-creds --vault-name ${{ secrets.NIC_KEYVAULT_NAME }} --query value -o tsv)
+          echo "::add-mask::$PLUS_CREDS"
+          IFS=@ cert=$(echo $PLUS_CREDS | jq -r '.crt')
+          {
+            echo 'PLUS_CERT<<EOF'
+            echo $cert
+            echo 'EOF'
+          } >> "$GITHUB_OUTPUT"
+          while read -r line;
+          do
+            echo "::add-mask::${line}"
+          done <<< "${PLUS_CERT}"
+          IFS=@ key=$(echo $PLUS_CREDS | jq -r '.key')
+          {
+            echo 'PLUS_KEY<<EOF'
+            echo $key
+            echo 'EOF'
+          } >> "$GITHUB_OUTPUT"
+          while read -r line;
+          do
+            echo "::add-mask::${line}"
+          done <<< "${PLUS_KEY}"
+
       - name: Docker Buildx
         uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
 
@@ -172,8 +206,8 @@ jobs:
             BUILD_OS=${{ matrix.image }}
             IC_VERSION=${{ needs.checks.outputs.ic_version }}
           secrets: |
-            "nginx-repo.crt=${{ secrets.NGINX_CRT }}"
-            "nginx-repo.key=${{ secrets.NGINX_KEY }}"
+            "nginx-repo.crt=${{ steps.secrets.outputs.PLUS_CERT }}"
+            "nginx-repo.key=${{ steps.secrets.outputs.PLUS_KEY }}"
 
   build-plus-nap:
     name: Build Plus NAP base images