A1) User must authenticate with Azure AD
A2) User specifies "rotate" secret "Foo"
C1) Manifest is queried to determine metadata for secret "Foo" - Do we want to query key vault and get a guid for the secret which can be used for operations instead of a name string? - This would permit changing a name in key vault or associating more than one secret with a specific value - D) Cli has knowledge on how to use the metadata to generate a new secret
D1) Generate new secret
D2) Update key vault
E1) Update manifest