Reading KeyVault from DevOps Pipeline - YAML

Adding task in yaml to read KV.

I got this yaml code:

parameters:
  - name: DeployTo
    type: string
    default: SIT
    values:
      - SIT
pool:
    vmImage: vs2017-win2016
variables:
    environmentToDeploy: ${{ lower(parameters.DeployTo)}}
    subscription: np
  
stages:
- stage: SIT
  displayName: SIT - Infrastructure deploy 
  condition: eq('${{ parameters.DeployTo}}','SIT')

  jobs:
     - template: ymlTemplates\environment-deploy.yml  # Template reference
       parameters:
          DeployTo: '${{ parameters.DeployTo }}'
          environmentToDeploy: '${{ variables.environmentToDeploy }}'
          subscriptionId: 'xxxf7fc0-exx3-x000-9f55-04xxxxxx76f4'
          SqlPassword: $(sqlpassword)
          AdminPassword: $(adminpassword)

Currently, values for sqlpassword and adminpassword are being passed as pipeline variables. I would like to read these from KeyVault. How can I put a task in this .yaml before jobs? :)



Solution 1:[1]

Use AzureKeyVault task. The secrets from KeyVault will become available as pipeline variables.

The pipeline would look like this:

  jobs:
     # assuming 'sqlpassword' and 'adminpassword' secrets in keyvault
     - task: AzureKeyVault@1
       inputs:
         azureSubscription: 'my azure subscription'
         keyVaultName: 'my vault'
         secretsFilter: '*'

     - template: ymlTemplates\environment-deploy.yml  # Template reference
       parameters:
          DeployTo: '${{ parameters.DeployTo }}'
          environmentToDeploy: '${{ variables.environmentToDeploy }}'
          subscriptionId: 'xxxf7fc0-exx3-x000-9f55-04xxxxxx76f4'
          SqlPassword: $(sqlpassword)
          AdminPassword: $(adminpassword)
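
Added example, not part of the original answer: a task runs as a step inside a job, and the variables AzureKeyVault sets are visible only to later steps of that same job, so this sketch places the task in the job that consumes the secrets and narrows secretsFilter from '*' to the two named secrets. The job name, the template's parameter block, the deploy.ps1 script and the environment variable names are hypothetical; the real environment-deploy.yml is not shown on the page.

```yaml
# Hypothetical contents of ymlTemplates\environment-deploy.yml (assumed layout).
parameters:
  - name: environmentToDeploy
    type: string

jobs:
  - job: DeployInfrastructure          # hypothetical job name
    steps:
      # Fetch only the secrets this job needs. A filter of '*' would expose
      # every secret in the vault to every later step of the job.
      - task: AzureKeyVault@1
        inputs:
          azureSubscription: 'my azure subscription'   # service connection, as in the answer
          keyVaultName: 'my vault'
          secretsFilter: 'sqlpassword,adminpassword'

      # Secret variables are masked in logs and are not exported to script
      # environments automatically, so map them explicitly for this step only.
      - powershell: |
          if (-not $env:SQL_PASSWORD -or -not $env:ADMIN_PASSWORD) {
            Write-Error 'Key Vault secrets were not resolved'
            exit 1
          }
          # Hypothetical deployment script that reads the passwords from the
          # environment rather than from command-line arguments.
          .\deploy.ps1 -Environment '${{ parameters.environmentToDeploy }}'
        displayName: Deploy with Key Vault secrets
        env:
          SQL_PASSWORD: $(sqlpassword)
          ADMIN_PASSWORD: $(adminpassword)
```

Passing the secrets through env on a single step keeps them out of process command lines and limits which steps can read them.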

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 qbik