another custom secrets back

.github/actions/templates/avm-validateModuleDeployment/action.yml

@@ -341,6 +341,23 @@ runs:
             }
           }
 
+          # Fetch & add custom secrets, if any
+          # -----------------------------------
+          $keyVaultName = "${{ env.CI_KEY_VAULT_NAME }}"
+          if(-not [String]::IsNullOrEmpty($keyVaultName)) {
+            # Note: This action requires at least 'Key Vault Secrets User' permissions
+            $customKeyVaultSecrets = Get-AzKeyVaultSecret -VaultName $keyVaultName | Where-Object { $_.Name -match '^CI-.+' }
+            foreach($customSecret in $customKeyVaultSecrets) {
+              $formattedName = $customSecret.Name -replace '^CI-' # e.g. 'CI-mySecret' -> 'mySecret'
+              if($moduleTemplatePossibleParameters -contains $formattedName) {
+                Write-Verbose ('Setting value for parameter [{0}]' -f $formattedName) -Verbose
+                $functionInput.AdditionalParameters += @{
+                  $formattedName = (Get-AzKeyVaultSecret -VaultName $keyVaultName -Name $customSecret.Name).SecretValue
+                }
+              }
+            }
+          }
+
           Write-Verbose 'Invoke task with' -Verbose
           Write-Verbose ($functionInput | ConvertTo-Json | Out-String) -Verbose