Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
Azure DevOps - Key Vault Task - Support Version identifiers in secret names #10445
Entering this information will route you directly to the right team and expedite traction.
Question, Bug, or Feature?
Enter Task Name: Azure Key Vault
list here (V# not needed):
The Key Vault Task should support version identifiers as part of the Secrets filter parameter.
When specifying a Secret Name along with the version identifier for Secrets filter parameter it fetches the appropriate version value of the secret. However, the value can be referenced only with the full name including the version guid.
The task sets a parameter named 'secret3/versionIdentifierGuid'
The task must set a parameter named 'secret3' (without the version guid in the name)
By doing this we can have each stage use it's own key vault instances but refer to a same name. Also the release created will snapshot the variable value at the point in time. At present it reads the latest version from the Key Vault (which can change over time). By locking in on the version guid for a secret, a release created will always have the same value no matter of the updates that happen for the secret in the key vault.
Since Key Vault secrets can contain only 0-9, a-z, A-Z, and - any one specifying '/' will be explicitly opting in for the versioning style.