I'm creating a pipeline that deploys an environment on premise. For that I have an on-prem agent where the pipeline is running. It has no access to the Azure Key Vault. At the same time, I want to use credentials stored in Azure Key Vault in my pipeline.
I created a variable group, linked it to Azure Key Vault, and added the secret I need. Then I referenced the variable group in my pipeline and used the variable like this:
    variables:
    - group: MyGroup

    jobs:
    - job: OnPrem
      pool: onprem
      steps:
      - bash: dologin -u user -p $(mySecret)
At the moment of executing the bash step, the pipeline times out because the agent has no network connection to Azure.
Starting: Download secrets: azure-secrets
==============================================================================
Task : Azure Key Vault
Description : Download Azure Key Vault secrets
Version : 1.232.0
Author : Microsoft Corporation
Help : https://docs.microsoft.com/azure/devops/pipelines/tasks/deploy/azure-key-vault
==============================================================================
SubscriptionId: xxx.
Key vault name: azure-secrets.
Downloading secret value for: mySecret.
##[error]
mySecret: "connect ECONNREFUSED xxxx:443"
Finishing: Download secrets: azure-secrets
The question is: how do I bring it to the job that is executed on that agent?
I tried to do:
- separate job executed on the agent from variable obtaining
- using macro variable and assigning to another variable so it would be passed to the job as a value
Please make sure you have the following resources,
Then you can make use of the AzureKeyVault@2 task to read the keyvault secrets from the pipeline like below,
    - task: AzureKeyVault@1
      displayName: 'the name for your '
      inputs:
*SecretsFilter if you are trying to retrieve specific keys from KeyVault.
If you want all the keyvault secrets, remove the SpecificSecrets from the inputs.
To use the keyvault secret in your pipeline, you can make use of this syntax: $(KeyVaultSecretKey). Hope this helps!
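One way to combine the two ideas on this page, as an added example that is not part of the question or the answer: a job that can reach Azure reads the secret with the Key Vault task and hands it to the on-prem job as a secret output variable, so the on-prem agent never contacts the vault. The Microsoft-hosted pool, the service connection name `my-service-connection`, the job name `FetchSecret`, the step name `export` and the environment variable names are assumptions; `azure-secrets`, `mySecret`, `onprem` and `dologin` are taken from the question.

```yaml
# Added example; names marked "assumed" do not come from the original page.
jobs:
- job: FetchSecret                  # assumed job name
  pool:
    vmImage: ubuntu-latest          # assumed: a Microsoft-hosted agent that can reach Azure
  steps:
  - task: AzureKeyVault@2
    displayName: Read mySecret from Key Vault
    inputs:
      azureSubscription: my-service-connection   # assumed placeholder service connection
      KeyVaultName: azure-secrets
      SecretsFilter: mySecret       # fetch only the secret that is needed
      RunAsPreJob: false
  - bash: |
      # Re-publish the value as a secret output variable.
      # issecret=true keeps it masked in the logs of later jobs.
      echo "##vso[task.setvariable variable=mySecret;isOutput=true;issecret=true]$KV_SECRET"
    name: export                    # assumed step name, used in the mapping below
    env:
      KV_SECRET: $(mySecret)        # secrets must be mapped into env explicitly

- job: OnPrem
  dependsOn: FetchSecret
  pool: onprem
  variables:
    # Resolved by the Azure DevOps service before the job is sent to the agent,
    # so no Key Vault download step runs on the on-prem agent.
    mySecret: $[ dependencies.FetchSecret.outputs['export.mySecret'] ]
  steps:
  - bash: dologin -u user -p "$MY_SECRET"
    env:
      MY_SECRET: $(mySecret)        # mapped via env instead of macro-expanding into the script text
```

No Key Vault-linked variable group is referenced at the pipeline level here, because a group declared there applies to every job, including the one on the on-prem agent.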