Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 5 Next »

An Azure pipeline unavoidably uses confidential information including username and password. These need to be protected from unauthorised access by defining them as Secrets in an Azure Key Vault and allowing Azure to access them at runtime.

See Variable groups for Azure Pipelines - Azure Pipelines | Microsoft Docs

# Login to Azure and configure CLI defaults
$> az login
$> az account set --subscription MyAzureSubscription
$> az config set defaults.location=mygeolocation

# Setup DevOps CLI defaults
$> az devops configure --defaults project=MyProject
$> az devops configure --defaults organization=https://dev.azure.com/MyOrganization 

# Create a Resource Group to group our MettleCI-related resources
$> az group create --name MettleCI

# Create key vault
$> az keyvault create \\n  --name MyDataStageEnvironment \\n  --resource-group MettleCI

# Set a secret in the vault
$> az keyvault secret set \\n  --name "MyPassword" \\n  --value "mysecretpassword" \\n  --vault-name MettleCI

# Create an Azure service principal called 'MettleCI'
$> az ad sp create-for-rbac --name MettleCI

Creating Secret Values in a Variable Group

Create a Variable Group Based on an Azure Key Vault

Create an Azure Key Vault

When your Key Vault ensure you attach an Access Policy which provides the Get and List permissions for Secrets.

For scenarios where you plan to use an Azure DevOps plan to facilitate DataStage upgrades we recommend creating a separate Key Vault for each of your Source and Target systems. For example, these are the key vaults we use when demonstrating upgrades from DataStage v11.5 to v11.7:

Create a Variable Group linked to a Key Vault

Next, back in Azure DevOps, go to the Library within your Project and create a Variable Group. Make sure you select the Link secrets from an Azure key vault as variables toggle.

Click the Pipeline permissions tab and ensure that you give your pipeline permission to access this Variable Group:

Grant an Azure Pipeline access to your Variable Group

When executing your Pipeline for the first time you may see a prompt like this.

Click View then grant access on the dialog which appears.

  • No labels