Continuing from my last post, I am going to describe how a pipeline can access secrets from Azure Key Vault. I am going to explain the process through a demo. We will cover the following points in this post:
- Create an ASP.NET Core web application and display some configuration values
- Create a Key Vault and add some secrets
- Create Key Vault access policy for pipeline service principal
- Update pipeline to use Key Vault task
- Run the pipeline and view the updates
I won't spend time explaining how to create the web application, although I will provide screenshots of what I did without going into a lot of detail. Additionally, I won't get into the details of creating the CI/CD pipelines. My web application will be hosted as an Azure App Service; I won't get into that detail either. The focus is to demonstrate how to access Key Vault from pipelines, and we will stick to that. I am using Visual Studio 2019 and am working with .NET Core 3.1. So, let's get started.
Note: The source code is available in my GitHub repository in this path.
1. Create an ASP.NET Core web application
Step 1: To start with, I created an ASP.NET web application. Following are the steps –
Step 2: This step is important and interesting. What I am doing here is allowing the appsettings.json file to store some configuration values like connectionString and testToken. Later in the flow, we will see how those values are fetched from the Key Vault and replaced. Therefore, go ahead and make these changes.
Step 3: Now, try running the application. As a result, you can see that the 2 values, connectionString and testToken, are displayed on the screen. We will see how to override these values in the DevOps pipeline with values retrieved from Key Vault.
2. Create a Key Vault and add secrets
Step 4: Next, let’s go into the Azure portal and create the Key Vault. I’ve navigated to the resource group that contains the App Service that Azure DevOps deploys my project to. Add a new resource, find Azure Key Vault and click Create. Enter a name for the Key Vault and choose a region. Select the default pricing tier, which uses software-backed keys. But you can also choose the premium tier to store your keys in hardware security modules. I won’t add an access policy yet. I’ll allow access from all virtual networks. Skip adding tags for now. After that, click ‘Create’ to create the Key Vault.
Step 5: The next thing I will do is create some secrets. These will be the values we use to override the ones that developers are storing in the appsettings.json code in the Azure Repo. I’m acting as an administrator in operations who has permissions to create keys. Go to the Secrets tab and click the Generate/Import button. I am going to manually create this secret. Therefore, I’ll give it the same name as what’s in the app settings file, but this really doesn’t matter as long as I map it within the DevOps pipeline. It’s just a secret here. Note the values. I have replaced the ‘local’ keyword with ‘AzureKeyVault’ so that we can test the override.
Keep everything else intact. After that, click on Create.
Step 6: Similarly, create the other secret for testToken.
3. Create Key Vault access policy for pipeline service principal
Step 7: Now we need to give Azure DevOps permission to access these secrets. For that, we need the service principal that you would have created while creating a service connection in Azure DevOps. So, let me go back into the DevOps portal. I’m inside my project and I’ll go down to Project settings and go to Service connections. Here you can see the service connection that the deployment task uses to push the compiled web app to Azure App Service. So let’s get the name of that service principal by clicking on Manage Service Principal. The Azure portal opens up. After that, copy the display name of the service principal.
Step 8: Let’s go back into Key Vault. Go down to Access policies in the left menu, and add a new access policy. I want to give specific permissions to that service principal. Click on Select Principal and paste the service principal name that you copied earlier. The particular value will show up as search result. Choose it and click Select.
Step 9: After that, go to Secret Permissions and select Get and List as that’s what we need. Once you add these, go back to the access policy screen. Click on Save. Don’t forget to save these changes, otherwise the new access policy won’t get added.
4. Update pipeline to use Key Vault task
We need to update 2 things in the pipeline. Firstly, add the Azure Key Vault task. Secondly, update the App Service Deploy task to override the values selected from the Key Vault. Now, it really depends on how you have configured your pipeline. In other words, whether you have added the App Service Deploy task in your CI pipeline or CD pipeline. Wherever it is, the process is the same. The only difference is that, if modifying the CI pipeline, you would update your YAML file. If modifying the CD pipeline, you will be adding the task and configuring it in the classic UI way.
In my case, the App Service Deploy task is present in my Release pipeline. Therefore, I will update my release pipeline. But, don’t worry, once you see what to do, you can easily do it in your build pipeline.
4.1 Add Azure Key Vault task
Step 10: In the release pipeline, click on x job, x task. In my case, I just have a Deploy Azure App Service task. We need to add a task before the Deploy App Service task. Search for ‘Key Vault’ and the result will display the Azure Key Vault task. Add it.
We will be connecting to Azure using the service connection we created earlier – that will show up in the Azure Subscription dropdown. Once we choose that, the Key Vault list updates to include the ones we have access to. The reason we can see this is not because of the permissions we just added. It’s actually because the Key Vault was created in the resource group that the service connection is scoped to. When you created the service connection, you had to choose a resource group.
4.2 Update Azure Deploy App Service task
Step 11: At this point, all of the Key Vault secrets are available as environment variables within the pipeline. Next, let’s update the App Service deploy task so that we can override the values that are stored in the appsettings.json file.
Click on the Deploy Azure App Service task. Find the setting, Application and Configuration Settings. In the App settings textbox, add the following:
-connectionString "$(connectionString)" -testToken "$(testToken)"
-connectionString denotes the parameter to be overwritten. $(connectionString) is the value from Key Vault.
Step 12: At the end, click on Save and provide a comment.
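For a YAML (CI) pipeline, steps 10 and 11 translate to two tasks: the Key Vault task followed by the App Service deploy task with the app-setting override. The fragment below is an added example, not taken from the original post or its repository; the service connection name, vault name, web app name and package path are placeholders.

```yaml
# Added example: YAML equivalent of steps 10-11 (not from the original post).
# 'my-service-connection', 'my-key-vault', 'my-web-app' and the package path
# are placeholders; replace them with your own values.
steps:
  # Step 10: fetch the secrets from Key Vault before the deploy task runs.
  - task: AzureKeyVault@1
    displayName: Get secrets from Key Vault
    inputs:
      # Service connection whose service principal was granted Get and List
      # on secrets in the Key Vault access policy (steps 7-9).
      azureSubscription: 'my-service-connection'
      KeyVaultName: 'my-key-vault'
      # Download only the two secrets this deployment needs instead of '*',
      # so unrelated secrets in the vault never enter the job.
      SecretsFilter: 'connectionString,testToken'
      RunAsPreJob: false

  # Step 11: deploy the web app and override the appsettings.json values.
  - task: AzureRmWebAppDeployment@4
    displayName: Deploy Azure App Service
    inputs:
      ConnectionType: 'AzureRM'
      azureSubscription: 'my-service-connection'
      appType: 'webApp'
      WebAppName: 'my-web-app'
      packageForLinux: '$(System.DefaultWorkingDirectory)/**/*.zip'
      # Each -name "value" pair becomes an App Service application setting.
      # $(connectionString) and $(testToken) are the variables created by
      # the Key Vault task above, named after the secrets.
      AppSettings: '-connectionString "$(connectionString)" -testToken "$(testToken)"'
```

Variables created by the Key Vault task are treated as secret variables, so their values are masked in the pipeline logs.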
5. Run the pipeline and view the updates
Step 13: I want to do the whole deal. Which means, I will do a code change, push it to DevOps and run both my CI and CD pipeline. Therefore, I changed my welcome version to 2.0 in my Index.cshtml file and pushed it to Azure repos. This triggered both the build and release pipeline.
Step 14: After the successful completion of both the pipelines, I went to my Azure App Service in Azure Portal and clicked on the URL to launch the webpage. Voila!! The values are updated from the Azure Key Vault.
One last thing I want you all to notice. In the Azure Portal, go to your web app and click on Configuration under Settings. Here those two variables appear because we pushed them as part of the deployment task. And these values were used to override the ones in the appsettings.json file.
I hope this was helpful. Do let me know in case of any questions. Until next time, goodbye and stay safe.
The follow up post is even better, detailed steps. Thanks
Thanks that’s pretty simple and informative examples with screenshot really helps us.