Mar 08 2022
I am trying to use a KeyVault to protect secret password for a database deployment.
The service connection have Contributor roll for the subscription, and sett up with get, set, list and delete access for secrets in access policy.
Use this step to get the keyvault secrets. Have also tested SecretFilter: ‘*’
- task: AzureKeyVault@2
azureSubscription: 'VIP til Azure'
The result for this step is
Key vault name: kvxxxxxxxxxxxxx6u.
Downloading secret value for: vipDatabaseTestPassord.
Downloading secret value for: vipDatabaseTestAdmin.
For me it looks like the values are being read.
The next task
- task: AzureResourceManagerTemplateDeployment@3
deploymentScope: 'Resource Group'
action: 'Create Or Update Resource Group'
templateLocation: 'Linked artifact'
overrideParameters: '-administratorLoginPassword $(vipDatabaseTestPassord) -administratorLogin $(vipDatabaseTestAdmin)'
This com up with following error
There were errors in your deployment. Error code: InvalidDeploymentParameterKey.
##[error]One of the deployment parameters has an empty key. Please see https://aka.ms/resource-manager-parameter-files for details.
##[warning]Validation errors were found in the Azure Resource Manager template. This can potentially cause template deployment to fail. Task failed while creating or updating the template deployment.. Please follow https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/template-syntax
Deployment name is xxxxxxxxxxxx
##[error]Check out the troubleshooting guide to see if your issue is addressed: https://docs.microsoft.com/en-us/azure/devops/pipelines/tasks/deploy/azure-resource-group-deployment...
##[error]Task failed while creating or updating the template deployment.
For me it look like there are some problems with parsing KeyVault secrets to values YML file can use