Click on Library.
Click on Variable group.
Give it a name and description, then activate Link secrets from an Azure key vault as variables.
From the drop-downs, choose the service connection and the key vault name we created previously. If you don't have any service connections, read my blog post Create new Azure Service Connection.
If you get this error, we have to add some permissions to the service connection.
Add Get and List secret management permissions on the selected key vault
Open the Azure portal and go to the my-super-secrets key vault resource we created previously.
Click on Access policies.
Click on Add new.
Click on Select principal and choose the principal we created before in this blog post: Create Service Principle.
Click on Secret permissions and ensure that only Get and List are checked (ticked).
Don't forget to click on Save.
Add Get and List secret management permissions on the selected key vault using PowerShell
    # add access policy
    Set-AzureRmKeyVaultAccessPolicy -VaultName 'ThisIsNameForKeyVault' -ServicePrincipalName '131164c0-9b17-4813-b12c-96b086cc7a1c' -PermissionsToSecrets Get,List
Provide the vault name and the service principal name. Read my blog post Create Service Principle to find out how to create a service principal.
Go back to Azure DevOps -> Pipelines -> Library. Choose your variable group name.
Now we add variables to the library from the connected key vault.
Click on Add.
Select all. These are the secrets we created to use in our first Terraform configuration here. Choose the variables you need to use in your pipelines. Also define an expiration date if necessary.
Click on Save.
Our Library looks like this
To include this variable group in a build pipeline, go to your build.
Click on Variables.
Then click on Variable groups and Link variable group.
Choose the group and click on Link.
Now you can use syntax like this in your YAML files to get the value of these secrets:
    - script: dotnet build --configuration $(buildConfiguration)
      displayName: 'dotnet build with following configuration $(buildConfiguration)'
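A YAML pipeline can also reference the variable group directly and hand a key vault secret to a script. This is an added example, not part of the original post: the group name my-keyvault-variables, the secret name client-secret and the CLIENT_SECRET environment variable are hypothetical. Secret variables are not exported to a script's environment automatically, so the step maps the secret explicitly with env instead of placing it on the command line.

```yaml
# Added example; names marked "hypothetical" are not from the original post.
trigger:
- master

pool:
  vmImage: 'ubuntu-latest'

variables:
# Variable group linked to the key vault (hypothetical group name).
- group: my-keyvault-variables
# Ordinary, non-secret variable used by the build step.
- name: buildConfiguration
  value: 'Release'

steps:
- script: dotnet build --configuration $(buildConfiguration)
  displayName: 'dotnet build with following configuration $(buildConfiguration)'

# Key vault secrets arrive as secret variables. They are masked in logs but
# are NOT passed to scripts as environment variables unless mapped below.
# Avoid writing $(client-secret) inside the script text itself: command
# lines can be recorded by the agent's operating system.
- script: |
    # Check that the secret reached this step without printing its value.
    test -n "$CLIENT_SECRET" && echo "client secret is set"
  displayName: 'Use a key vault secret'
  env:
    CLIENT_SECRET: $(client-secret)   # hypothetical secret name in the vault
```

The mapping applies only to the step that declares it, so other steps in the job do not receive the secret.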