Consuming secrets from Azure Key Vault in your release pipeline
This recipe is an extension of the previous recipe; if you haven't already read the previous recipe, I recommend that you read it first.
In the previous recipe, we saw how to keep strings, such as passwords, as pipeline variables and how to mark them as secure variables so that they are not visible in the logs or to anyone else editing the pipeline once saved. While this works really well, enterprises that are deploying to the cloud would love to centrally manage and maintain these secrets in Azure Key Vault.
Note
You can read more about Azure Key Vaults here: http://bit.ly/2OAslff.
Azure DevOps Server 2019 has native support for Azure Key Vault through variable groups. With variable groups in Azure DevOps Server, we can bring secrets from Azure Key Vault into our pipelines.
Getting ready
As a first step, we will manually create an Azure key vault and store the SQL Admin password as a single secret.
Creating a key vault in Azure
- Go to portal.azure.com and then...