smom-dbis-138/scripts/deployment/deploy-keyvaults-only.sh

#!/usr/bin/env bash

set -e

SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
source "$SCRIPT_DIR/../lib/init.sh"
PROJECT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)"
TERRAFORM_DIR="$PROJECT_ROOT/terraform/well-architected/cloud-sovereignty"

echo "╔════════════════════════════════════════════════════════════════╗"
echo "║     DEPLOYING KEY VAULTS ONLY (PHASE 1 - INFRASTRUCTURE)         ║"
echo "╚════════════════════════════════════════════════════════════════╝"

cd "$TERRAFORM_DIR"

# Check if terraform.tfvars.36regions exists
if [ ! -f "terraform.tfvars.36regions" ]; then
    echo "❌ Error: terraform.tfvars.36regions not found"
    exit 1
fi

# Create temporary tfvars with deploy_aks_clusters = false
cat terraform.tfvars.36regions | sed 's/deploy_aks_clusters = true/deploy_aks_clusters = false/' > terraform.tfvars.keyvaults

echo "Using configuration: terraform.tfvars.keyvaults"
echo "  • deploy_aks_clusters = false (Key Vaults only)"

# Initialize Terraform if needed
if [ ! -d ".terraform" ]; then
    echo "Initializing Terraform..."
    terraform init
fi

# Plan deployment
echo "=" | awk '{printf "%-64s\n", ""}'
echo "📋 RUNNING TERRAFORM PLAN"
echo "=" | awk '{printf "%-64s\n", ""}'

terraform plan -var-file=terraform.tfvars.keyvaults -out=tfplan.keyvaults

echo "=" | awk '{printf "%-64s\n", ""}'
echo "🚀 APPLYING TERRAFORM PLAN"
echo "=" | awk '{printf "%-64s\n", ""}'

echo "This will create Key Vaults across 36 regions..."
echo "Press Ctrl+C to cancel, or wait 5 seconds to continue..."
sleep 5

terraform apply tfplan.keyvaults

echo "=" | awk '{printf "%-64s\n", ""}'
echo "✅ KEY VAULT DEPLOYMENT COMPLETE"
echo "=" | awk '{printf "%-64s\n", ""}'

# Cleanup
rm -f terraform.tfvars.keyvaults

echo "Next step: Store node secrets in Key Vaults"
echo "  Run: bash scripts/key-management/store-nodes-in-keyvault.sh"