All courses
Hamburger Icon
  • Labs icon Lab
  • Cloud
  • Security
Azure icon
Labs

Read a Secret from an Azure Key Vault in Azure Pipelines

You are deploying a database and application using Azure DevOps, but you don't want to store the database passwords within the repo or within the pipeline. Use Azure Key Vault in the pipeline to read the database password for the deployment.

Get started Contact sales
Azure icon
Labs

Path Info

Level
Clock icon Intermediate
Duration
Clock icon 1h 30m
Published
Clock icon Sep 01, 2021

Contact sales

By filling out this form and clicking submit, you acknowledge our privacy policy.

Table of Contents

  1. Challenge

    Create a New Azure DevOps Organization and Import a Repo

    • Log in to the Azure portal.
    • Create a new private project named AwesomeProject.
    • Create a new Azure Repo by importing a GitHub Repo.
    • Set the default branch to keyvault.

  2. Challenge

    Create a Service Connection

    • Create a service connection using an app registration or managed identity (manual) and set the credential to Secret.
    • The subscription ID, subscription name, and directory (tenant) ID can be found by running Get-AzSubscription from the cloudshell.
    • The application (client) ID and client secret can be found on the lab credential page under the service principal.
    • Important: Make sure the Service connection name is set to ServiceConnection.

  3. Challenge

    Install a Self-hosted Agent on the Provided VM

    • Install a self-hosted agent onto the provided Linux VM.
    • Use a personal access token for the authentication method.

  4. Challenge

    Create a Key Vault and Secret

    • Change the Key Vault access configuration to a vault access policy.
    • Give the service principle ID permissions to get and list secrets.
    • Create a secret named sqldbpassword and ensure you use at least 8 digits, one number, one capital letter, and one special letter for the password.

  5. Challenge

    Create an Azure DevOps Pipeline

    Make sure the following has been configured in the pipeline YAML:

    • subscriptionID is set to your Azure subscription ID.
    • webAppName is set to a unique web app name.
    • keyVaultName is set to your Key Vault name.
    • resourceGroup is set your resource group name.
    • location is set to the same location as your resources.

    Run the pipeline and validate success by opening the connection string on the Azure web app.

Pluralsight - Labs - Read a Secret from an Azure Key Vault in Azure Pipelines
Author
Pluralsight

The Cloud Content team comprises subject matter experts hyper focused on services offered by the leading cloud vendors (AWS, GCP, and Azure), as well as cloud-related technologies such as Linux and DevOps. The team is thrilled to share their knowledge to help you build modern tech solutions from the ground up, secure and optimize your environments, and so much more!

What's a lab?

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.

Provided environment for hands-on practice

We will provide the credentials and environment necessary for you to practice right within your browser.

Guided walkthrough

Follow along with the author’s guided walkthrough and build something new in your provided environment!

Did you know?

On average, you retain 75% more of your learning if you get time for practice.
Ready to get started?
View individual plans View team plans