OCP DA fails on un-deploy using trusted profile

[ocofaigh]

The un-deploy fails with:

 2025/10/23 05:38:31 Terraform destroy | Error: local-exec provisioner error
 2025/10/23 05:38:31 Terraform destroy | 
 2025/10/23 05:38:31 Terraform destroy |   with terraform_data.delete_secrets[0],
 2025/10/23 05:38:31 Terraform destroy |   on main.tf line 263, in resource "terraform_data" "delete_secrets":
 2025/10/23 05:38:31 Terraform destroy |  263:   provisioner "local-exec" {
 2025/10/23 05:38:31 Terraform destroy | 
 2025/10/23 05:38:31 Terraform destroy | Error running command './scripts/delete_secrets.sh
 2025/10/23 05:38:31 Terraform destroy | 76ed4f0f-3f02-89d2-39b8-a14031aab329 private
 2025/10/23 05:38:31 Terraform destroy | 3d04d5a3-940a-4d62-8693-df20039a78a4 us-south private': exit status 1.
 2025/10/23 05:38:31 Terraform destroy | Output: "Provided API key could not be found."
 2025/10/23 05:38:31 Terraform destroy | Could not obtain an IAM access token

From the consumer:

I suspect that the apikey parameter to the delete_secrets resource gets stored in the state from an initial execution of the terraform. Then days later you try to run undeploy, but that original apikey is already recycled by the Projects trusted profile cleanup process.
So probably if you switch the script to using a token and make sure it's not get cached in the state, it might work.

[in-1911]

A way to reproduce it would be to run the deployment with an API key, then rotate the apikey (delete the original and create a new one) and then try to undeploy.
I think this is not limited to trusted profile scenario only, a cycling of an APIkey for a real user (which actually should happen regularly) would cause the same issue.