But if I add the download task `task: AzureKeyVault@2` inside it, it will use the private link and download from the Key Vault successfully.
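# Azure DevOps pipeline: checks that the Key Vault name resolves to a private
# address, downloads one secret through the service connection, and publishes a
# status file (never the secret value) as a build artifact.
pool:
  name: eShopOnWebSelfPool  # self-hosted pool; presumably has a route to the private endpoint — confirm

variables:
  # Must be a list item: a bare `group:` mapping defines a pipeline variable
  # named "group" instead of linking the variable group.
  - group: TechlabvaultAP  # Reference the variable group

parameters:
  - name: keyVaultArmSvcConnectionName
    type: string
    default: 'PrivateKeyVaultConnection'  # enter your service connection name
  - name: keyVaultName
    type: string
    default: 'TechlabvaultAP'  # enter your Key Vault name
  - name: resourceGroupName
    type: string
    default: 'Techlabvn'  # enter your resource group (not referenced by any step below)
  - name: subscriptionId
    type: string
    default: '17dea6db-4356-4e02-90e0-8dd67183a800'  # enter your subscription (not referenced by any step below)

steps:
  # Step 1: Validate Private Endpoint Access
  # Fails the step when the vault's public name does not resolve to a 10.x address.
  # Resolve-DnsName is a DnsClient cmdlet, so this assumes a Windows agent — confirm for this pool.
  - task: PowerShell@2
    displayName: Validate Key Vault DNS resolves to private endpoint
    inputs:
      targetType: 'inline'
      script: |
        # This command ensures the DNS is resolved to the private endpoint
        $dnsName = "${{ parameters.keyVaultName }}.vault.azure.net"
        $resolvedIP = Resolve-DnsName -Name $dnsName -Type A -DnsOnly
        Write-Output "##vso[task.setvariable variable=resolvedIP]$($resolvedIP.IPAddress)"
        # Only 10.0.0.0/8 is accepted here; widen the pattern if the VNet uses 172.16/12 or 192.168/16.
        if ($resolvedIP.IPAddress -match "^10\.") {
          Write-Output "Key Vault DNS resolves to private IP: $($resolvedIP.IPAddress)"
        } else {
          Write-Error "Key Vault DNS does not resolve to a private IP"
        }

  # Step 2: Download secret from keyvault
  # NOTE(review): succeededOrFailed() runs this download even when Step 1 failed, so a
  # public DNS answer does not block it; drop the condition to make Step 1 a real gate.
  - task: AzureKeyVault@2
    displayName: Download Secrets from Key Vault
    condition: succeededOrFailed()
    inputs:
      azureSubscription: '${{ parameters.keyVaultArmSvcConnectionName }}'
      KeyVaultName: '${{ parameters.keyVaultName }}'
      # Only the secret this pipeline uses (Step 3); '*' would map every secret in the vault into the job.
      SecretsFilter: 'testpipelinesecret'

  # Step 3: Confirm the secret is available without writing its value to disk.
  # Published artifacts are not masked, so `echo $(testpipelinesecret) > secret.txt`
  # would have shipped the plaintext secret inside the 'drop' artifact.
  - task: PowerShell@2
    displayName: Verify secret was retrieved
    env:
      TESTPIPELINESECRET: '$(testpipelinesecret)'  # env mapping keeps the value out of the script text
    inputs:
      targetType: 'inline'
      script: |
        if ([string]::IsNullOrEmpty($env:TESTPIPELINESECRET)) {
          Write-Error "testpipelinesecret was not retrieved from ${{ parameters.keyVaultName }}"
        }
        # Status marker only - never the secret value.
        Set-Content -Path secret.txt -Value "testpipelinesecret retrieved from ${{ parameters.keyVaultName }}"

  # Step 4: Copy Files (the status marker written in Step 3)
  - task: CopyFiles@2
    inputs:
      contents: secret.txt
      targetFolder: '$(Build.ArtifactStagingDirectory)'

  # Step 5: Publish Build Artifacts
  - task: PublishBuildArtifacts@1
    inputs:
      PathtoPublish: '$(Build.ArtifactStagingDirectory)'
      ArtifactName: 'drop'
      publishLocation: 'Container'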