Added import for kezs as well

nullchimp · nullchimp · commit b208c2448ebd · 2025-05-18T22:21:49.000+02:00
diff --git a/.github/workflows/deploy-azure.yml b/.github/workflows/deploy-azure.yml
@@ -48,6 +48,11 @@ jobs:
           OBJECT_ID=${{ secrets.AZURE_SP_OBJECT_ID }} \
           CI_MODE=true \
           ./import_resources.sh
+          
+      - name: Import Existing Key Vault Secrets
+        run: |
+          cd infra/azure
+          ./import_secrets.sh ${{ env.ENVIRONMENT }}
       
       - name: Terraform Plan
         run: |
diff --git a/infra/azure/README.md b/infra/azure/README.md
@@ -12,6 +12,16 @@ This directory contains Terraform configurations for setting up the Azure infras
 
 When working with existing Azure resources, the `import_resources.sh` script helps to import them into Terraform state.
 
+### Importing Key Vault Secrets
+
+If you're having issues with Key Vault secrets that already exist in Azure but not in your Terraform state, use the `import_secrets.sh` script:
+
+```bash
+./import_secrets.sh dev  # Replace 'dev' with your environment name
+```
+
+This script will look up the exact version IDs of your Key Vault secrets and properly import them into Terraform state.
+
 ### Running in CI/CD Pipelines
 
 When running in CI/CD pipelines, use the CI_MODE flag to prevent password prompts:
diff --git a/infra/azure/import_secrets.sh b/infra/azure/import_secrets.sh
@@ -0,0 +1,30 @@
+#!/bin/bash
+# Specialized script to import existing Key Vault secrets into Terraform state
+# Usage: ./import_secrets.sh [environment]
+
+set -e
+
+# Check if environment variable is set, default to dev
+ENVIRONMENT=${1:-dev}
+SUBSCRIPTION_ID=$(az account show --query id -o tsv)
+RESOURCE_GROUP="GitHub"
+KV_NAME="kv-ai-agent-$ENVIRONMENT"
+
+terraform init
+
+# Import Key Vault Secrets with their full URIs
+if az keyvault show --name "$KV_NAME" --resource-group "$RESOURCE_GROUP" &>/dev/null; then
+  # For memgraph-username, get the secret ID including version
+  if az keyvault secret show --name "memgraph-username" --vault-name "$KV_NAME" &>/dev/null; then
+    SECRET_URI=$(az keyvault secret show --name "memgraph-username" --vault-name "$KV_NAME" --query id -o tsv)
+    terraform import azurerm_key_vault_secret.memgraph_username "$SECRET_URI"
+  fi
+  
+  # For memgraph-password, get the secret ID including version
+  if az keyvault secret show --name "memgraph-password" --vault-name "$KV_NAME" &>/dev/null; then
+    SECRET_URI=$(az keyvault secret show --name "memgraph-password" --vault-name "$KV_NAME" --query id -o tsv)
+    terraform import azurerm_key_vault_secret.memgraph_password "$SECRET_URI"
+  fi
+else
+  exit 1
+fi
