Azure DevOps Plugin
To install this plugin you'll have to add the Vault Interaction task to your organization using this link.
Configuration
In your project, under Pipelines, select the relevant pipeline and click "Edit".
- Search for the "Vault - Read KV Secrets" Task, select it and configure it as follows:
Under Vault Server Settings: add the following Akeyless host as your Vault URL: https://hvp.akeyless.io
, to work with your own Akeyless Gateway set the Vault URL to point your Gateway on port 8200
.
Under Authentication Method: choose Client Token and provide the Akeyless token following this format:
The Token value can be a concatenation of your Access ID and your Access Key for an API Key authentication in the following format: < Access ID >".."< Access Key >
. And should be used more securely as an environment variable.
Alternatively, to work with any other Authentication Methods you can extract your token using Akeyless auth
command:
akeyless auth --access-id <Access ID> --access-type <Auth method type>
To work with Static Secrets edit the following KV Settings:
For KV engine path, set secret/data
. KV version should be set to v1
and Secret path should contain your secret full path in Akeyless.
The final task should look like this:
- task: [email protected]
inputs:
strUrl: 'https://hvp.akeyless.io'
ignoreCertificateChecks: true
strAuthType: 'clientToken'
strToken: 'access_id..access_key'
strKVEnginePath: '/secret/data'
kvVersion: 'v1'
strSecretPath: '/test'
strPrefixType: 'custom'
replaceCR: 'false'
After running your pipeline, you’ll see this input in the VaultReadKV step:

To fetch Dynamic Secrets edit the following KV Settings:
For KV engine path set mysql/creds
. KV version should be set to v1
and Secret path should contain your secret full path in Akeyless.
The final task should look in this fashion:
- task: [email protected]
inputs:
strUrl: 'https://hvp.akeyless.io'
ignoreCertificateChecks: false
strAuthType: 'clientToken'
strToken: 'access_id..access_key'
strKVEnginePath: 'mysql/creds'
kvVersion: 'v1'
strSecretPath: '/test'
strPrefixType: 'custom'
replaceCR: false
Add a script block for using the mysql credentials:
- script: |
mysql --host XXXXX --port 3306 --user=$(username) --password='$(password)' -e 'show databases;'
displayName: 'Show Databases in DB'
After running your pipeline, you’ll see this input in Show Databases in DB step:
Updated 3 months ago