Read a Secret from an Azure Key Vault in Azure Pipelines

Libraries: If you want this lab, consider one of these libraries.
Cloud
Security

Read a Secret from an Azure Key Vault in Azure Pipelines

You are deploying a database and application using Azure DevOps, but you don't want to store the database passwords within the repo or within the pipeline. Use Azure Key Vault in the pipeline to read the database password for the deployment.

Get started Contact sales

Lab Info

Level

Intermediate

Last updated

Sep 25, 2025

Duration

1h 30m

Challenge

Create a New Azure DevOps Organization and Import a Repo
- Log in to the Azure portal.
- Create a new private project named AwesomeProject.
- Create a new Azure Repo by importing a GitHub Repo.
- Set the default branch to keyvault.
Challenge

Create a Service Connection
- Create a service connection using an app registration or managed identity (manual) and set the credential to Secret.
- The subscription ID, subscription name, and directory (tenant) ID can be found by running Get-AzSubscription from the cloudshell.
- The application (client) ID and client secret can be found on the lab credential page under the service principal.
- Important: Make sure the Service connection name is set to ServiceConnection.
Challenge

Install a Self-hosted Agent on the Provided VM
- Install a self-hosted agent onto the provided Linux VM.
- Use a personal access token for the authentication method.
Challenge

Create a Key Vault and Secret
- Change the Key Vault access configuration to a vault access policy.
- Give the service principle ID permissions to get and list secrets.
- Create a secret named sqldbpassword and ensure you use at least 8 digits, one number, one capital letter, and one special letter for the password.
Challenge

Create an Azure DevOps Pipeline
Make sure the following has been configured in the pipeline YAML:
- subscriptionID is set to your Azure subscription ID.
- webAppName is set to a unique web app name.
- keyVaultName is set to your Key Vault name.
- resourceGroup is set your resource group name.
- location is set to the same location as your resources.
Run the pipeline and validate success by opening the connection string on the Azure web app.

About the author

Pluralsight Skills

Pluralsight Skills gives leaders confidence they have the skills needed to execute technology strategy. Technology teams can benchmark expertise across roles, speed up release cycles and build reliable, secure products. By leveraging our expert content, skill assessments and one-of-a-kind analytics, keep up with the pace of change, put the right people on the right projects and boost productivity. It's the most effective path to developing tech skills at scale.

Real skill practice before real-world application

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.

Learn by doing

Engage hands-on with the tools and technologies you’re learning. You pick the skill, we provide the credentials and environment.

Follow your guide

All labs have detailed instructions and objectives, guiding you through the learning process and ensuring you understand every step.

Turn time into mastery

On average, you retain 75% more of your learning if you take time to practice. Hands-on labs set you up for success to make those skills stick.