An Azure pipeline unavoidably uses confidential information such as usernames and passwords. Protect these from unauthorised access by defining them as Secrets in an Azure Key Vault and allowing Azure to access them at runtime.

# Login to Azure and configure CLI
$> az login
$> az account set --subscription My-Azure-Subscription
$> az config set defaults.location=mygeolocation

# Create a Resource Group to group our MettleCI-related resources
$> az group create --name MettleCI

# Create key vault
$> az keyvault create \
  --name MyDataStageEnvironment \
  --resource-group MettleCI

# Set a secret in the vault (--vault-name must match the vault created above)
$> az keyvault secret set \
  --name "MyPassword" \
  --value "mysecretpassword" \
  --vault-name MyDataStageEnvironment

# Create an Azure service principal called 'MettleCI'
$> az ad sp create-for-rbac --name MettleCI

Create a Key Vault

When you create your Key Vault, ensure you attach an Access Policy which provides the Get and List permissions for Secrets.
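The Get and List access policy described above, granted and then read back with the Azure CLI, as an added example that is not part of the original page. It reuses the page's sample vault and service principal names, and assumes the vault uses access policies rather than Azure RBAC and an Azure CLI recent enough to report the object id as `id`; the function names are illustrative.

```bash
#!/usr/bin/env bash
# Added example, not from the original page. Names reuse the page's samples.
VAULT="${VAULT:-MyDataStageEnvironment}"
SP_NAME="${SP_NAME:-MettleCI}"
ALLOWED="get list"   # the only secret permissions the pipeline needs

# Print the appId of the service principal with the given display name.
sp_app_id() {
  az ad sp list --display-name "$1" --query "[0].appId" --output tsv
}

# Read permission names (one per line) and print those outside $ALLOWED.
unexpected_permissions() {
  while read -r perm || [ -n "$perm" ]; do
    perm=$(printf '%s' "$perm" | tr '[:upper:]' '[:lower:]')
    case " $ALLOWED " in
      *" $perm "*) ;;
      *) [ -z "$perm" ] || printf '%s\n' "$perm" ;;
    esac
  done
}

# Attach an access policy limited to Get and List on secrets.
grant_secret_read() {
  app_id=$(sp_app_id "$2")
  [ -n "$app_id" ] || { echo "service principal '$2' not found" >&2; return 2; }
  az keyvault set-policy --name "$1" --spn "$app_id" \
    --secret-permissions get list --output none
}

# Read the policy back and fail if it grants more than Get and List.
audit_secret_policy() {
  app_id=$(sp_app_id "$2")
  [ -n "$app_id" ] || { echo "service principal '$2' not found" >&2; return 2; }
  # Azure CLI 2.37+ (Microsoft Graph) reports the object id as 'id'.
  object_id=$(az ad sp show --id "$app_id" --query id --output tsv)
  perms=$(az keyvault show --name "$1" --output tsv --query \
    "properties.accessPolicies[?objectId=='$object_id'].permissions.secrets[]")
  [ -n "$perms" ] || { echo "no secret permissions for '$2' in $1" >&2; return 1; }
  extra=$(printf '%s\n' "$perms" | unexpected_permissions)
  [ -z "$extra" ] || { echo "broader than Get/List:" $extra >&2; return 1; }
  echo "ok: '$2' holds only Get/List on secrets in $1"
}

# Nothing runs unless an action is requested on the command line.
case "${1:-}" in
  --grant) grant_secret_read "$VAULT" "$SP_NAME" ;;
  --audit) audit_secret_policy "$VAULT" "$SP_NAME" ;;
esac
```

Run the script with `--grant` once after creating the service principal, and with `--audit` whenever a policy may have been edited in the portal.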

For scenarios where you plan to use an Azure DevOps plan to facilitate DataStage upgrades, we recommend creating a separate Key Vault for each of your Source and Target systems. For example, these are the key vaults we use when demonstrating upgrades from DataStage v11.5 to v11.7:

Next, back in Azure DevOps, go to the Library within your Project and create a Variable Group. Make sure you select the "Link secrets from an Azure key vault as variables" toggle.

Click the Pipeline permissions tab and ensure that you give your pipeline permission to access this Variable Group:

Executing Pipeline