All courses
Resource hub
Featured resource
Tech Upskilling Playbook 2025
Tech Upskilling Playbook

Build future-ready tech teams and hit key business milestones with seven proven plays from industry leaders.

Learn more
Hamburger Icon
  • Labs icon Lab
  • Cloud
  • Security
Azure icon
Labs

Read a Secret from an Azure Key Vault in Azure Pipelines

You are deploying a database and application using Azure DevOps, but you don't want to store the database passwords within the repo or within the pipeline. Use Azure Key Vault in the pipeline to read the database password for the deployment.

Get started Contact sales
Azure icon
Labs

Path Info

Level
Clock icon Intermediate
Duration
Clock icon 1h 30m
Last updated
Clock icon Sep 03, 2025

Contact sales

By filling out this form and clicking submit, you acknowledge our privacy policy.

Table of Contents

  1. Challenge

    Create a New Azure DevOps Organization and Import a Repo

    • Log in to the Azure portal.
    • Create a new private project named AwesomeProject.
    • Create a new Azure Repo by importing a GitHub Repo.
    • Set the default branch to keyvault.

  2. Challenge

    Create a Service Connection

    • Create a service connection using an app registration or managed identity (manual) and set the credential to Secret.
    • The subscription ID, subscription name, and directory (tenant) ID can be found by running Get-AzSubscription from the cloudshell.
    • The application (client) ID and client secret can be found on the lab credential page under the service principal.
    • Important: Make sure the Service connection name is set to ServiceConnection.

  3. Challenge

    Install a Self-hosted Agent on the Provided VM

    • Install a self-hosted agent onto the provided Linux VM.
    • Use a personal access token for the authentication method.

  4. Challenge

    Create a Key Vault and Secret

    • Change the Key Vault access configuration to a vault access policy.
    • Give the service principle ID permissions to get and list secrets.
    • Create a secret named sqldbpassword and ensure you use at least 8 digits, one number, one capital letter, and one special letter for the password.

  5. Challenge

    Create an Azure DevOps Pipeline

    Make sure the following has been configured in the pipeline YAML:

    • subscriptionID is set to your Azure subscription ID.
    • webAppName is set to a unique web app name.
    • keyVaultName is set to your Key Vault name.
    • resourceGroup is set your resource group name.
    • location is set to the same location as your resources.

    Run the pipeline and validate success by opening the connection string on the Azure web app.

Pluralsight Skills - Labs - Pluralsight
Author
Pluralsight Skills

Pluralsight Skills gives leaders confidence they have the skills needed to execute technology strategy. Technology teams can benchmark expertise across roles, speed up release cycles and build reliable, secure products. By leveraging our expert content, skill assessments and one-of-a-kind analytics, keep up with the pace of change, put the right people on the right projects and boost productivity. It's the most effective path to developing tech skills at scale.

What's a lab?

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.

Provided environment for hands-on practice

We will provide the credentials and environment necessary for you to practice right within your browser.

Guided walkthrough

Follow along with the author’s guided walkthrough and build something new in your provided environment!

Did you know?

On average, you retain 75% more of your learning if you get time for practice.
Ready to get started?
View individual plans View team plans