From 0352601c4006ac4d1c29ab7c410c5edbf255b281 Mon Sep 17 00:00:00 2001
From: Missy Messa <47990216+missymessa@users.noreply.github.com>
Date: Thu, 26 Mar 2026 08:28:32 -0700
Subject: [PATCH] Remove dn-bot-dotnet-build-rw-code-rw PAT from vault manifest

Remove the dn-bot-dotnet-build-rw-code-rw secret definition from the
EngKeyVault vault manifest as part of PAT-to-Entra migration (WI 10140).

This PAT provided build_execute and code_write scopes against the dnceng
org. It was consumed by:

- Two orphaned YAML files in arcade-validation (deletion PR #5460)
- Stale vendored execute-sdl.yml copies in ~22 downstream repos (these
  will self-clean as repos update their Arcade SDK dependency; affected
  repo owners have been notified via email)

The PAT has already expired and is no longer being renewed.
---
 .vault-config/product-builds-engkeyvault.yaml | 11 -----------
 1 file changed, 11 deletions(-)

diff --git a/.vault-config/product-builds-engkeyvault.yaml b/.vault-config/product-builds-engkeyvault.yaml
index b1b5ab12dea..1f1ae7ce455 100644
--- a/.vault-config/product-builds-engkeyvault.yaml
+++ b/.vault-config/product-builds-engkeyvault.yaml
@@ -56,17 +56,6 @@ secrets:
     parameters:
       description: Client id for akams app
 
-  dn-bot-dotnet-build-rw-code-rw:
-    type: azure-devops-access-token
-    parameters:
-      domainAccountName: dn-bot
-      domainAccountSecret:
-          location: helixkv
-          name: dn-bot-account-redmond
-      name: dn-bot-dotnet-build
-      organizations: dnceng
-      scopes: build_execute code_write 
-
   dn-bot-all-orgs-build-rw-code-rw:
     type: azure-devops-access-token
     parameters: