When setting up deployment pipelines in Azure DevOps, sometimes you need to get secret information stored in Azure Key Vault. This article describes how to access Key Vault from your Azure DevOps Pipelines. It’s all about keeping sensitive data safe and making your deployment process smooth and reliable. Let’s dive in!
Pre-requisites:
1. Azure DevOps project and a key vault.
2. Permission to access Microsoft Entra ID applications.
What is the Azure DevOps project service principal?
To find the service principal (Microsoft Entra application ID) associated with the Azure DevOps project:
1. Navigate to ‘Project Settings’ -> ‘Service connections’.
2. Open any service connection and click on the ‘Manage Service Principal’ link.
3. This will open the Microsoft Entra ID application associated with the DevOps project in the Azure portal.
4. Note the Application (client) ID. This is the application ID that needs to be granted access to Azure Key Vault.
Grant the Azure DevOps application ID access to Azure Key Vault
1. Navigate to the key vault in Azure portal that you want to access in Azure DevOps project pipelines.
2. Click on ‘Access policies’ on the left side navigation list and click ‘Create’ to create a new access policy.
3. Select the required permissions for the pipeline and click ‘Next’.
4. Search for the application ID (from the previous section) and select the application.
5. Authorise the app to perform the specified permissions on the User’s or Group’s behalf.
6. ‘Review’ the steps and click ‘Create’ to grant access to the DevOps project on Azure Key Vault.
Access the key vault secrets in Azure DevOps YAML pipeline
Once access is set up, you can add an Azure Key Vault task to your YAML pipeline to access Key Vault secrets.
- task: AzureKeyVault@1
  inputs:
    azureSubscription: 'service-connection-name'
    KeyVaultName: 'key-vault-name'
    SecretsFilter: 'secret1,secret2'
    RunAsPreJob: true
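The task above in the context of a full pipeline, as an added example that is not part of the original article: it shows how a later step consumes a fetched secret. The trigger branch, the agent image and the SECRET1 environment variable name are assumptions; the service connection, vault and secret names are the placeholders used above.

```yaml
# Added example pipeline (not from the original article).
# The service principal behind the service connection needs only the
# Get and List secret permissions on the vault for this task to work.
trigger:
  - main                      # assumed branch name

pool:
  vmImage: 'ubuntu-latest'    # assumed Microsoft-hosted agent image

steps:
  - task: AzureKeyVault@1
    displayName: 'Fetch secrets from Key Vault'
    inputs:
      azureSubscription: 'service-connection-name'
      KeyVaultName: 'key-vault-name'
      # Name the secrets explicitly instead of using '*', so the job
      # only ever holds the values it actually needs.
      SecretsFilter: 'secret1,secret2'
      RunAsPreJob: true

  - bash: |
      set -euo pipefail
      # Secret variables are not exported to scripts automatically;
      # SECRET1 exists only because of the env mapping below.
      if [ -z "${SECRET1:-}" ]; then
        echo "secret1 is empty or was not mapped" >&2
        exit 1
      fi
      # Use the value here; do not echo it or write it to a file.
      echo "secret1 is available to this step"
    displayName: 'Use secret1 without printing it'
    env:
      SECRET1: $(secret1)     # explicit mapping of the secret variable
```

Fetched secrets are masked in the pipeline log, but masking only matches the exact value, so avoid transforming a secret (for example base64-encoding it) and then printing the result.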
Kunal Rathi
With over 13 years of experience in data engineering and analytics, I've assisted countless clients in gaining valuable insights from their data. As a dedicated supporter of Data, Cloud and DevOps, I'm excited to connect with individuals who share my passion for this field. If my work resonates with you, we can talk and collaborate.