Use keyvault secrets in pipeline (YAML).


I am trying to use a KeyVault to protect the secret password for a database deployment.

The service connection has the Contributor role for the subscription, and is set up with get, set, list and delete access for secrets in the access policy.

I use this step to get the KeyVault secrets. I have also tested SecretsFilter: '*'

trigger:
- None

pool:
  vmImage: ubuntu-latest

steps:
- task: AzureKeyVault@2
  inputs:
    azureSubscription: 'VIP til Azure'
    KeyVaultName: 'kvxxxxxxxxxxxxxxr6u'
    SecretsFilter: 'vipDatabaseTestPassord,vipDatabaseTestAdmin'
    RunAsPreJob: false

 

The result for this step is

Key vault name: kvxxxxxxxxxxxxx6u.

Downloading secret value for: vipDatabaseTestPassord.

Downloading secret value for: vipDatabaseTestAdmin.

Finishing: AzureKeyVault

 

For me it looks like the values are being read.

The next task

- task: AzureResourceManagerTemplateDeployment@3
  inputs:
    deploymentScope: 'Resource Group'
    azureResourceManagerConnection: 'xxxxxxxxxxxxx'
    subscriptionId: 'xxxxxxxxxxxxxxxxxx'
    action: 'Create Or Update Resource Group'
    resourceGroupName: 'ResourceGroup'
    location: 'xxxxxx'
    templateLocation: 'Linked artifact'
    csmFile: './sql/sqldeploy.json'
    csmParametersFile: './sql/sqldeploy.parameters.json'
    overrideParameters: '-administratorLoginPassword $(vipDatabaseTestPassord) -administratorLogin $(vipDatabaseTestAdmin)'
    deploymentMode: 'Incremental'

This comes up with the following error:

There were errors in your deployment. Error code: InvalidDeploymentParameterKey.

##[error]One of the deployment parameters has an empty key. Please see https://aka.ms/resource-manager-parameter-files for details.

##[warning]Validation errors were found in the Azure Resource Manager template. This can potentially cause template deployment to fail. Task failed while creating or updating the template deployment.. Please follow https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/template-syntax

Starting Deployment.

Deployment name is xxxxxxxxxxxx

There were errors in your deployment. Error code: InvalidDeploymentParameterKey.

##[error]One of the deployment parameters has an empty key. Please see https://aka.ms/resource-manager-parameter-files for details.

##[error]Check out the troubleshooting guide to see if your issue is addressed: https://docs.microsoft.com/en-us/azure/devops/pipelines/tasks/deploy/azure-resource-group-deployment...

##[error]Task failed while creating or updating the template deployment.

 

To me it looks like there are some problems with parsing the KeyVault secrets into values the YML file can use.

0 Replies
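An added example, not part of the original post: the same two tasks with each override value wrapped in double quotes, which the deployment task's documentation asks for when a value contains more than one word, preceded by a step that reports the shape of each secret without printing it. Whether quoting is the cause of the error above is an assumption; `DB_PASSWORD` and `DB_ADMIN` are names chosen for this example, and the `xxx` values are the post's own redactions.

```yaml
steps:
- task: AzureKeyVault@2
  inputs:
    azureSubscription: 'VIP til Azure'
    KeyVaultName: 'kvxxxxxxxxxxxxxxr6u'
    SecretsFilter: 'vipDatabaseTestPassord,vipDatabaseTestAdmin'
    RunAsPreJob: false

# Secret variables are masked in the log and are not exported to scripts
# automatically, so map them through env: and report only their shape.
- bash: |
    check() {
      if [ -z "$2" ]; then echo "$1: EMPTY"; exit 1; fi
      case "$2" in
        '$('*) echo "$1: macro was not expanded (variable undefined)"; exit 1 ;;
        *[[:space:]]*|*\"*|*\'*) echo "$1: contains whitespace or quotes" ;;
        *) echo "$1: non-empty, no whitespace or quotes" ;;
      esac
    }
    check vipDatabaseTestPassord "$DB_PASSWORD"
    check vipDatabaseTestAdmin "$DB_ADMIN"
  displayName: 'Check secret shape without printing values'
  env:
    DB_PASSWORD: $(vipDatabaseTestPassord)   # assumed env name
    DB_ADMIN: $(vipDatabaseTestAdmin)        # assumed env name

# Same deployment as in the post; only overrideParameters differs:
# each value is enclosed in double quotes inside the single-quoted string.
- task: AzureResourceManagerTemplateDeployment@3
  inputs:
    deploymentScope: 'Resource Group'
    azureResourceManagerConnection: 'xxxxxxxxxxxxx'
    subscriptionId: 'xxxxxxxxxxxxxxxxxx'
    action: 'Create Or Update Resource Group'
    resourceGroupName: 'ResourceGroup'
    location: 'xxxxxx'
    templateLocation: 'Linked artifact'
    csmFile: './sql/sqldeploy.json'
    csmParametersFile: './sql/sqldeploy.parameters.json'
    overrideParameters: '-administratorLoginPassword "$(vipDatabaseTestPassord)" -administratorLogin "$(vipDatabaseTestAdmin)"'
    deploymentMode: 'Incremental'
```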