From e6d8c9bebb91c87d65c06acb8813f4612228b4b4 Mon Sep 17 00:00:00 2001
From: Hamideh Amini Khezrabad <h.amini.khezrabad@sap.com>
Date: Fri, 14 Nov 2025 14:22:13 +0100
Subject: [PATCH] Migrate env certs to Credhub

---
 ci/infrastructure.yml | 20 ++++++++++++--------
 1 file changed, 12 insertions(+), 8 deletions(-)

diff --git a/ci/infrastructure.yml b/ci/infrastructure.yml
index 0f744ea41..125c87d0b 100644
--- a/ci/infrastructure.yml
+++ b/ci/infrastructure.yml
@@ -130,12 +130,13 @@ upgrade-bbl-up-task: &upgrade-bbl-up-task-config
     BBL_GCP_REGION: us-east1
     BBL_GCP_SERVICE_ACCOUNT_KEY: environments/test/trelawney/trelawney.key.json
     BBL_IAAS: gcp
-    BBL_LB_CERT: ../lb-certs/trelawney.crt
-    BBL_LB_KEY: ../lb-certs/trelawney.key
+    BBL_LB_CERT: ((trelawney_lb.certificate))
+    BBL_LB_KEY: ((trelawney_lb.private_key))
     BBL_STATE_DIR: environments/test/trelawney/bbl-state
     GIT_COMMIT_EMAIL: "app-deployments@cloudfoundry.org"
     GIT_COMMIT_USERNAME: "ARD WG Bot"
     LB_DOMAIN: cf.trelawney.env.wg-ard.ci.cloudfoundry.org
+    TRUSTED_CA: ((relint_ca.certificate))
   ensure:
     put: relint-envs
     params:
@@ -251,12 +252,13 @@ windows-bbl-up-task: &windows-bbl-up-task-config
     BBL_GCP_REGION: us-east1
     BBL_GCP_SERVICE_ACCOUNT_KEY: environments/test/cedric/cedric.key.json
     BBL_IAAS: gcp
-    BBL_LB_CERT: ../cert.pem
-    BBL_LB_KEY: ../key.pem
+    BBL_LB_CERT: ((cedric_lb.certificate))
+    BBL_LB_KEY: ((cedric_lb.private_key))
     BBL_STATE_DIR: environments/test/cedric/bbl-state
     GIT_COMMIT_EMAIL: "app-deployments@cloudfoundry.org"
     GIT_COMMIT_USERNAME: "ARD WG Bot"
     LB_DOMAIN: cf.cedric.env.wg-ard.ci.cloudfoundry.org
+    TRUSTED_CA: ((relint_ca.certificate))
   ensure:
     put: relint-envs
     params:
@@ -297,12 +299,13 @@ cats-bbl-up-task: &cats-bbl-up-task-config
     BBL_GCP_SERVICE_ACCOUNT_KEY: environments/test/cats/ard-cats.key.json
     BBL_GCP_REGION: us-east1
     BBL_IAAS: gcp
-    BBL_LB_CERT: ../lb-certs/cats.crt
-    BBL_LB_KEY: ../lb-certs/cats.key
+    BBL_LB_CERT: ((cats_lb.certificate))
+    BBL_LB_KEY: ((cats_lb.private_key))
     BBL_STATE_DIR: environments/test/cats/bbl-state
     GIT_COMMIT_EMAIL: "app-deployments@cloudfoundry.org"
     GIT_COMMIT_USERNAME: "ARD WG Bot"
     LB_DOMAIN: cf.cats.env.wg-ard.ci.cloudfoundry.org
+    TRUSTED_CA: ((relint_ca.certificate))
   ensure:
     put: relint-envs
     params:
@@ -817,11 +820,12 @@ jobs:
       BBL_ENV_NAME: maxime
       BBL_GCP_SERVICE_ACCOUNT_KEY: environments/dev/maxime/maxime.key.json
       BBL_GCP_REGION: us-east1
-      BBL_LB_CERT: ../certs/maxime.crt
-      BBL_LB_KEY: ../certs/maxime.key
+      BBL_LB_CERT: ((maxime_lb.certificate))
+      BBL_LB_KEY: ((maxime_lb.private_key))
       GIT_COMMIT_EMAIL: "app-deployments@cloudfoundry.org"
       GIT_COMMIT_USERNAME: "ARD WG Bot"
       LB_DOMAIN: cf.maxime.env.wg-ard.ci.cloudfoundry.org
+      TRUSTED_CA: ((relint_ca.certificate))
     ensure:
       put: relint-envs
       params: