none
Azure Dev Ops RRS feed

  • Question

  • Hello Team,

    We have a requirement wherein we have created a variable group within the Azure devops library and want to create a release pipeline where we want to create a powershell code that should add all the values from variable group into the keyvault.

    So is there any powershell command by which we can get the list of all the varibales within the variable group?

    Wednesday, October 16, 2019 4:35 AM

All replies

  • Hi Nandan,

    You can invoke REST API calls through PS to get the variables and use KV commands to save them as secrets in KV.

    REST API Call: https://docs.microsoft.com/en-us/rest/api/azure/devops/distributedtask/variablegroups/get%20variable%20groups%20by%20id?view=azure-devops-rest-5.1

    PS : https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.utility/invoke-webrequest?view=powershell-6

    KV : https://docs.microsoft.com/en-us/powershell/module/azurerm.keyvault/set-azurekeyvaultsecret?view=azurermps-6.13.0


    Please take a moment to "Mark as Answer" and/or "Vote as Helpful" wherever applicable. Thanks!

    Wednesday, October 16, 2019 2:01 PM
    Moderator
  • Hi Nandan, I am not sure why you wish to copy the values from variable groups into key-vault. You can just link the variable groups to the release pipeline. This can be accomplished from the tab Variables > Variable Groups > Link Variable Groups.

    Again, if that is the technical direction you wish to follow, then you can follow Manoj's advice.


    Best regards, Chiranjib

    Friday, October 18, 2019 11:29 AM
  • Hello Chiranjib,

    Thank you for the reply.

    We need to add secrets in the key vault for other users to access .

    So instead of manually adding any secret into the key vault,

     what I am thinking is create a variable group  and any one who wants to add a secret into the keyvault can go and create a variable(secured) in the variable grp and via release pipeline all the variables within the variable grp be added/updated in the key vault.

    Hence, wanted to know is there any by which i can get the list of all the variables within the variable grp via powershell command

    Tuesday, October 22, 2019 3:13 AM
  • Hi Nandan

    Ok. Understood.

    Could you please try something like below:

    1. Add the variables you need to the variable group.

    2. Link the variable group to the release you have created.

    3. Add a powershell task to the release pipeline.

    4. Use an inline script like below.

    Set-AzureKeyVaultSecret -VaultName $(VaultName) -Name $(KeyName) -SecretValue $(KeySecret)
    
    Get-AzureKeyVaultSecret -VaultName $(VaultName) -Name $(KeyName)

    The $(names) are all variable names which will need to be set before you run the release task.

    This is a basic one to provide an idea. Hope you can improvise on this to meet your specific business need and find this suggestion useful.


    Best regards, Chiranjib

    Tuesday, October 22, 2019 7:29 AM