Prerequisites
- Add Vault Interaction task to your organization from here: https://marketplace.visualstudio.com/items?itemName=Fizcko.azure-devops-vault-interaction
- Create your pipeline if it doesn’t exist https://docs.microsoft.com/en-us/azure/devops/pipelines/create-first-pipeline?view=azure-devops&tabs=java%2Cyaml%2Cbrowser%2Ctfs-2018-2
Configuration
- Edit your pipeline as follows:
a. Add Vault - Read KV Secrets task:
b. Add Akeyless host:
c. Add your Akeyless token, a dedicated access_id+..+access_key:
d. For using Static Secrets:
(i) Add the three below mention fields, the secret path should contain your secret path in Akeyless Vault, engine path & KV version should be fixed as follow:
(ii) The final task should look like this:
- task: [email protected]
inputs:
strUrl: 'https://hvp.akeyless.io'
ignoreCertificateChecks: true
strAuthType: 'clientToken'
strToken: 'access_id..access_key'
strKVEnginePath: '/secret/data'
kvVersion: 'v1'
strSecretPath: '/test'
strPrefixType: 'custom'
replaceCR: 'false'
(iii) After running your pipeline you’ll see this input in VaultReadKV step:
e. For using Dynamic Secret:
(i) Add the 3 below mentioned fields, the secret path should contain your dynamic secret path in Akeyless Vault, engine path & KV version should be configured as follows:
(ii) The final task should look in this fashion:
- task: [email protected]
inputs:
strUrl: 'https://hvp.akeyless.io'
ignoreCertificateChecks: false
strAuthType: 'clientToken'
strToken: 'access_id..access_key'
strKVEnginePath: 'mysql/creds'
kvVersion: 'v1'
strSecretPath: '/test'
strPrefixType: 'custom'
replaceCR: false
(iii) Add a script block for using the mysql credentials:
- script: |
mysql --host XXXXX --port 3306 --user=$(username) --password='$(password)' -e 'show databases;'
displayName: 'Show Databases in DB'
(iv) After running your pipeline, you’ll see this input in Show Databases in DB step:
Updated 2 months ago