Skip to content

Latest commit

 

History

History
227 lines (170 loc) · 8.01 KB

azure-key-vault-v1.md

File metadata and controls

227 lines (170 loc) · 8.01 KB
Raw
title description ms.date monikerRange
AzureKeyVault@1 - Azure Key Vault v1 task
Download Azure Key Vault secrets (task version 1).
06/11/2024
<=azure-pipelines

AzureKeyVault@1 - Azure Key Vault v1 task

:::moniker range=">=azure-pipelines-2019.1"

Use this task to download secrets, such as authentication keys, storage account keys, data encryption keys, .PFX files, and passwords from an Azure Key Vault instance. The task can be used to fetch the latest values of all or a subset of secrets from the vault and set them as variables that can be used in subsequent tasks of a pipeline. The task is Node-based and works with agents on Linux, macOS, and Windows.

:::moniker-end

:::moniker range="=azure-pipelines-2019"

Use this task to download secrets, such as authentication keys, storage account keys, data encryption keys, .PFX files, and passwords from an Azure Key Vault instance. The task can be used to fetch the latest values of all or a subset of secrets from the vault and set them as variables that can be used in subsequent tasks of a pipeline. The task is Node-based and works with agents on Linux, macOS, and Windows.

:::moniker-end

Syntax

:::moniker range=">=azure-pipelines-2022"

# Azure Key Vault v1
# Download Azure Key Vault secrets.
- task: AzureKeyVault@1
  inputs:
    azureSubscription: # string. Alias: ConnectedServiceName. Required. Azure subscription. 
    KeyVaultName: # string. Required. Key vault. 
    SecretsFilter: '*' # string. Required. Secrets filter. Default: *.
    #RunAsPreJob: false # boolean. Make secrets available to whole job. Default: false.

:::moniker-end

:::moniker range=">=azure-pipelines-2020 <=azure-pipelines-2020.1"

# Azure Key Vault v1
# Download Azure Key Vault secrets.
- task: AzureKeyVault@1
  inputs:
    azureSubscription: # string. Alias: ConnectedServiceName. Required. Azure subscription. 
    KeyVaultName: # string. Required. Key vault. 
    SecretsFilter: '*' # 'EditableOptions'. Required. Secrets filter. Default: *.
    #RunAsPreJob: false # 'EditableOptions'. Make secrets available to whole job. Default: false.

:::moniker-end

:::moniker range="=azure-pipelines-2019.1"

# Azure Key Vault v1
# Download Azure Key Vault secrets.
- task: AzureKeyVault@1
  inputs:
    azureSubscription: # string. Alias: ConnectedServiceName. Required. Azure subscription. 
    KeyVaultName: # string. Required. Key vault. 
    SecretsFilter: '*' # 'EditableOptions'. Required. Secrets filter. Default: *.

:::moniker-end

:::moniker range="=azure-pipelines-2019"

# Azure Key Vault v1
# Download Azure Key Vault Secrets.
- task: AzureKeyVault@1
  inputs:
    azureSubscription: # string. Alias: ConnectedServiceName. Required. Azure subscription. 
    KeyVaultName: # string. Required. Key vault. 
    SecretsFilter: '*' # 'EditableOptions'. Required. Secrets filter. Default: *.

:::moniker-end

Inputs

:::moniker range="<=azure-pipelines"

azureSubscription - Azure subscription
Input alias: ConnectedServiceName. string. Required.

The service connection for the Azure subscription that either contains the Azure Key Vault instance or creates a new connection. Learn more about connecting to Azure.


:::moniker-end

:::moniker range="<=azure-pipelines"

KeyVaultName - Key vault
string. Required.

The name of the Azure Key Vault that contains the secrets to download.


:::moniker-end

:::moniker range=">=azure-pipelines-2022"

SecretsFilter - Secrets filter
string. Required. Default value: *.

Downloads secret names according to the entered value. The value can be the default value to download all secrets from the selected key vault, or a comma-separated list of secret names.


:::moniker-end

:::moniker range="<=azure-pipelines-2020.1"

SecretsFilter - Secrets filter
string. Required. Allowed values: EditableOptions (True). Default value: *.

Downloads secret names according to the entered value. The value can be the default value to download all secrets from the selected key vault, or a comma-separated list of secret names.


:::moniker-end

:::moniker range=">=azure-pipelines-2022"

RunAsPreJob - Make secrets available to whole job
boolean. Default value: false.

Runs the task before the job execution begins. Exposes secrets to all tasks in the job, not just tasks that follow this one.


:::moniker-end

:::moniker range=">=azure-pipelines-2020 <=azure-pipelines-2020.1"

RunAsPreJob - Make secrets available to whole job
boolean. Allowed values: EditableOptions (True). Default value: false.

Runs the task before the job execution begins. Exposes secrets to all tasks in the job, not just tasks that follow this one.


:::moniker-end

Task control options

All tasks have control options in addition to their task inputs. For more information, see Control options and common task properties.

Output variables

:::moniker range="<=azure-pipelines"

None.

:::moniker-end

Remarks

Works with cross-platform agents (Linux, macOS, or Windows).

There is a newer version of the Azure Key Vault task available.

I get a forbidden error on pipelines at the point of getting credentials from Azure Key Vault

This occurs if the required permissions are missing in the Azure key vault. To resolve the issue, add an access policy with the correct permissions.

Requirements

:::moniker range="<=azure-pipelines"

Requirement Description
Pipeline types YAML, Classic build, Classic release
Runs on Agent, DeploymentGroup
Demands None
Capabilities This task does not satisfy any demands for subsequent tasks in the job.
Command restrictions Any
Settable variables Any
Agent version 2.0.0 or greater
Task category Deploy

:::moniker-end

See also