Key Vault datasource for Azure Resource Manager Endpoint type #3077

Closed
ogoodwin opened this issue Nov 11, 2016 · 4 comments

Comments

@ogoodwin

I am creating a custom build task where I would like to bind a picklist to a key vault datasource from an ARM endpoint. The ARM endpoint type does not appear to define a datasource for retrieving key vaults from an Azure subscription. Am I missing something here? Is there an alternative other than creating a new, custom endpoint type? Are there any plans to implement this feature?

Thanks

@KrishnaAdityaB
Contributor

@ogoodwin
There is no first class support for this today. @RoopeshNair for further details.

Alternative Today
Write an Azure PowerShell script that reads from key vault and saves them as Build/Release variables for the next tasks to consume. You can use Azure PowerShell task to execute this script.

How to pass secrets from one task to another
You have to consume the VSTS Task SDK to get and set the Build/Release variables.
In the script, read from key vault and save the secret as a variable `secretFromKeyVault` using the `Set-VstsTaskVariable` cmdlet. Don't forget to pass the `-secret` flag.
You can consume this in the next task by passing `$(secretFromKeyVault)` in the appropriate field of the task. Or, if you want to consume it in another script, you can use the `Get-VstsTaskVariable` cmdlet.
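
The alternative described in the comment above, as an added example that is not part of the original thread or the project's own code. It assumes the AzureRM Key Vault cmdlets and the VstsTaskSdk module are already loaded in the session; the vault and secret names are hypothetical values supplied by the caller.

```powershell
# Added example, not from the thread. Assumes the AzureRM Key Vault cmdlets and
# the VstsTaskSdk module are available in the session running this script.
[CmdletBinding()]
param(
    [Parameter(Mandatory = $true)] [string] $VaultName,   # hypothetical, e.g. 'contoso-build-kv'
    [Parameter(Mandatory = $true)] [string] $SecretName   # hypothetical, e.g. 'DeployPassword'
)

# Fail the task on the first error instead of continuing with an empty secret.
$ErrorActionPreference = 'Stop'

# Read the secret using the identity of the ARM endpoint selected on the task.
$secret = Get-AzureKeyVaultSecret -VaultName $VaultName -Name $SecretName

if ($null -eq $secret -or [string]::IsNullOrEmpty($secret.SecretValueText)) {
    throw "Secret '$SecretName' was not found in vault '$VaultName' or is empty."
}

# -Secret registers the variable as a secret so the agent masks its value in
# log output. Without the switch the value is an ordinary variable and can
# appear in the build/release logs.
Set-VstsTaskVariable -Name 'secretFromKeyVault' -Value $secret.SecretValueText -Secret

# Log only the names, never the value.
Write-Host "Stored secret '$SecretName' from vault '$VaultName' as 'secretFromKeyVault'."

# Drop the local reference so the plaintext is not left in a script variable.
Remove-Variable -Name secret
```

A later script that needs the value reads it with `Get-VstsTaskVariable -Name 'secretFromKeyVault'`; a later task takes it as `$(secretFromKeyVault)` in an input field.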

@ogoodwin
Author

Thanks @KrishnaAdityaB. I have that portion working. My question was around displaying a picklist of existing subscription key vaults in the task UI rather than having the user specify the name of the vault in an input field. As far as I understand, my options are to either add a new key vault datasource to the ARM endpoint type, or create a new custom endpoint type that exposes a key vault datasource.

Thanks,

@KrishnaAdityaB
Contributor

@ogoodwin sorry, I misunderstood the question the first time.
@GitHubSriramB can help you on this

@GitHubSriramB
Contributor

@ogoodwin - We support defining the URL to query inline with data source binding. So in your case, the custom build task can define a data source binding that doesn't refer to a data source but defines the URL to query as part of the data source binding itself.

For example:

```json
{
  "target": "keyvault",
  "endpointUrl": "https://management.azure.com/subscriptions/$(endpoint.subscriptionId)/resourcegroups/$(ResourceGroupName)/providers/Microsoft.KeyVault/vaults?api-version=2016-02-01",
  "resultSelector": "jsonpath:$.value[*].name"
}
```

Please check the API version to use (the version I have used in the example above might not be the right one).

Also, you can optionally use resultTemplate in case you want to return back value/displayvalue (to show display value in the task input but store the value as part of the release definition).
