Forum Discussion
Use keyvault secrets in pipeline (YAML).
I am trying to use a KeyVault to protect secret password for a database deployment.
The service connection have Contributor roll for the subscription, and sett up with get, set, list and delete access for secrets in access policy.
Use this step to get the keyvault secrets. Have also tested SecretFilter: ‘*’
trigger:
- None
pool:
vmImage: ubuntu-latest
steps:
- task: AzureKeyVault@2
inputs:
azureSubscription: 'VIP til Azure'
KeyVaultName: 'kvxxxxxxxxxxxxxxr6u'
SecretsFilter: 'vipDatabaseTestPassord,vipDatabaseTestAdmin'
RunAsPreJob: false
The result for this step is
Key vault name: kvxxxxxxxxxxxxx6u.
Downloading secret value for: vipDatabaseTestPassord.
Downloading secret value for: vipDatabaseTestAdmin.
Finishing: AzureKeyVault
For me it looks like the values are being read.
The next task
- task: AzureResourceManagerTemplateDeployment@3
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: 'xxxxxxxxxxxxx'
subscriptionId: 'xxxxxxxxxxxxxxxxxx'
action: 'Create Or Update Resource Group'
resourceGroupName: 'ResourceGroup'
location: 'xxxxxx'
templateLocation: 'Linked artifact'
csmFile: './sql/sqldeploy.json'
csmParametersFile: './sql/sqldeploy.parameters.json'
overrideParameters: '-administratorLoginPassword $(vipDatabaseTestPassord) -administratorLogin $(vipDatabaseTestAdmin)'
deploymentMode: 'Incremental'
This com up with following error
There were errors in your deployment. Error code: InvalidDeploymentParameterKey.
##[error]One of the deployment parameters has an empty key. Please see https://aka.ms/resource-manager-parameter-files for details.
##[warning]Validation errors were found in the Azure Resource Manager template. This can potentially cause template deployment to fail. Task failed while creating or updating the template deployment.. Please follow https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/template-syntax
Starting Deployment.
Deployment name is xxxxxxxxxxxx
There were errors in your deployment. Error code: InvalidDeploymentParameterKey.
##[error]One of the deployment parameters has an empty key. Please see https://aka.ms/resource-manager-parameter-files for details.
##[error]Check out the troubleshooting guide to see if your issue is addressed: https://docs.microsoft.com/en-us/azure/devops/pipelines/tasks/deploy/azure-resource-group-deployment?view=azure-devops#troubleshooting
##[error]Task failed while creating or updating the template deployment.
For me it look like there are some problems with parsing KeyVault secrets to values YML file can use