Azure DevOps Plugin

Suggest Edits

Prerequisites

  1. Add Vault Interaction task to your organization from here: https://marketplace.visualstudio.com/items?itemName=Fizcko.azure-devops-vault-interaction
  2. Create your pipeline if it doesn’t exist https://docs.microsoft.com/en-us/azure/devops/pipelines/create-first-pipeline?view=azure-devops&tabs=java%2Cyaml%2Cbrowser%2Ctfs-2018-2

Configuration

  1. Edit your pipeline as follows:
    a. Add Vault - Read KV Secrets task:

b. Add Akeyless host:

c. Add your Akeyless token

📘

Info

The Token value is a concatenation of your Access ID and your Access Key in the following format:
< Access ID >".."< Access Key >. And can be used more securly as an environment variable.

d. For using Static Secrets:
(i) Add the three below mention fields, the secret path should contain your secret path in Akeyless Vault, engine path & KV version should be fixed as follow:

(ii) The final task should look like this:

- task: [email protected]
 inputs:
   strUrl: 'https://hvp.akeyless.io'
   ignoreCertificateChecks: true
   strAuthType: 'clientToken'
   strToken: 'access_id..access_key'
   strKVEnginePath: '/secret/data'
   kvVersion: 'v1'
   strSecretPath: '/test'
   strPrefixType: 'custom'
   replaceCR: 'false'

(iii) After running your pipeline you’ll see this input in VaultReadKV step:

e. For using Dynamic Secret:
(i) Add the 3 below mentioned fields, the secret path should contain your dynamic secret path in Akeyless Vault, engine path & KV version should be configured as follows:

(ii) The final task should look in this fashion:

- task: [email protected]
 inputs:
   strUrl: 'https://hvp.akeyless.io'
   ignoreCertificateChecks: false
   strAuthType: 'clientToken'
   strToken: 'access_id..access_key'
   strKVEnginePath: 'mysql/creds'
   kvVersion: 'v1'
   strSecretPath: '/test'
   strPrefixType: 'custom'
   replaceCR: false

(iii) Add a script block for using the mysql credentials:

- script: |
   mysql --host XXXXX --port 3306 --user=$(username) --password='$(password)' -e 'show databases;'
 displayName: 'Show Databases in DB'

(iv) After running your pipeline, you’ll see this input in Show Databases in DB step:

Updated 12 days ago