0

The scenario we're facing is that we have several secrets that have different values in each environment. Also, in the future, we are going to have new secrets.

So, the question is: what is the best way to add secrets to the key vault?

Manually: For each secret, we need to add it manually through either the portal or Azure CLI. We need to do it manually across all environments such as dev, qa, prod. The downside is that everything is manual and we need to hand over secrets to someone to add them to the key vault.

Automated: Is there any way to automate the whole process without putting secrets in files?

3
  • I don't understand what you mean by automation here. In which situation do you want to automate? On a schedule? Could you give an example? Commented Dec 9, 2020 at 2:14
  • I'm looking for an alternative to the manual approach. I'm curious to see what the best practice is. The manual approach is always error-prone, there's always a chance you miss a configuration, and it puts secrets at risk. Commented Dec 9, 2020 at 2:18
  • My workaround is to use an Azure PowerShell runbook. You can create different runbooks for different environments, then use Start-AzAutomationRunbook to run any one you need at a specific time. Commented Dec 9, 2020 at 2:30

1 Answer

-1

We need to do it manually across all environments such as dev, qa, prod.

We could save the key to different Azure DevOps Variable groups and set the value to secret, then use them in different environments.

We can add an Azure PowerShell task and add the key vault via the script below, then use it in the other task. Please refer to this ticket for more details.

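```powershell
# $(Secret), $(VaultName) and $(SecretName) are pipeline variables, substituted before the script runs.
# Quoted so that a value containing spaces or special characters stays a single string.
$secretvalue = ConvertTo-SecureString '$(Secret)' -AsPlainText -Force
Set-AzureKeyVaultSecret -VaultName '$(VaultName)' -Name '$(SecretName)' -SecretValue $secretvalue
```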
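An added example, not part of the answer above: one script that an Azure PowerShell task can run per environment to push several secrets into that environment's vault without any secrets file. It uses the Az module cmdlets (Get-AzKeyVaultSecret, Set-AzKeyVaultSecret). It assumes each secret pipeline variable is mapped explicitly in the task's env section to a variable named KV_<NAME>; that naming convention and the parameter names are hypothetical.

```powershell
# Added example: sync secrets from pipeline environment variables into Key Vault.
# Assumed convention (not from the page): the secret "db-password" is supplied
# in the environment variable KV_DB_PASSWORD, mapped from a secret pipeline variable.
param(
    [Parameter(Mandatory)] [string]   $VaultName,
    [Parameter(Mandatory)] [string[]] $SecretNames
)
$ErrorActionPreference = 'Stop'

function ConvertTo-PlainText([securestring] $Secure) {
    # Used only for an in-memory comparison; the result is never written out.
    [System.Net.NetworkCredential]::new('', $Secure).Password
}

$missing = @()
foreach ($name in $SecretNames) {
    $envName = 'KV_' + ($name.ToUpperInvariant() -replace '-', '_')
    $value   = [Environment]::GetEnvironmentVariable($envName)
    if ([string]::IsNullOrEmpty($value)) {
        $missing += $envName
        continue
    }

    # Skip the write when the vault already holds this value, so reruns
    # do not create a new secret version every time.
    $current = Get-AzKeyVaultSecret -VaultName $VaultName -Name $name
    if ($current -and (ConvertTo-PlainText $current.SecretValue) -ceq $value) {
        Write-Host "unchanged: $name"
        continue
    }

    $secure = ConvertTo-SecureString $value -AsPlainText -Force
    Set-AzKeyVaultSecret -VaultName $VaultName -Name $name -SecretValue $secure | Out-Null
    Write-Host "updated:   $name"
}

if ($missing.Count -gt 0) {
    # Fail the task so an environment with an unmapped variable is noticed.
    throw "No value supplied for: $($missing -join ', ')"
}
```

Only secret names are written to the log, and the script fails the task when a mapped variable is empty, so a missing configuration in dev, qa or prod surfaces in the pipeline run.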