Log in to your Azure DevOps. To take a look at my public repo just navigate here or create your own one. Read my blog Create Azure DevOps account for instructions how to do it.

Click on Library.

Click on Variable group
Give a name and description, then activate Link secrets from an Azure key vault as variables

Choose from drop down Service Connection and Key vault name we created previously. If you didn't have any Service Connections read my blog Create new Azure Service Connection
if you get this error

we have to add some permissions to the service connection.
Add Get and List secret management permissions on the selected key vault
Open Azure portal and go to my-super-secrets key vault resource we created previously

Click on Access policies

click on Add new

Click on Select principle and choose principle we created before in this blog Create Service Principle.
Click on Secret permissions and ensure that Get and List are checked (ticked)

Choose OK
Don't forget to click on save

Add Get and List secret management permissions on the selected key vault using PowerShell
# add access policy
Set-AzureRmKeyVaultAccessPolicy -VaultName 'ThisIsNameForKeyVault' -ServicePrincipalName '131164c0-9b17-4813-b12c-96b086cc7a1c' -PermissionsToSecrets Get,List
Provide the vault name and service principle name. Read my blog Create Service Principle to find out how to create Service Principle.
Go back to Azure DevOps -> Pipelines -> Library. Choose your variable group name.
Now we add variables to the library from connected Key Vault
Click on Add

Select all. These secrets we created to use in our first Terraform configuration here. You choose your environment variables you need to use in the pipelines. Define also Expiration date if necessary.

Click Ok

click on Save.
Our Library looks like this

To include this variable group in the Builds pipeline, go to your build

Click on Variables

Then on Variables groups and Link variable group

Choose group and click on Link
Now you can use the syntax in your yaml files like this to get the value of this secrets
- script: dotnet build --configuration $(buildConfiguration)
displayName: 'dotnet build with following configuration $(buildConfiguration)'
If you like my post image, you can free download it from here.
Don't forget to subscribe to get latest news from Sergey .NET directly to your mail.