You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Server - Azure Pipelines or TFS on-premises? Azure Pipelines
Issue Description
The Key Vault Task should support version identifiers as part of the Secrets filter parameter.
Current Behaviour
When specifying a Secret Name along with the version identifier for Secrets filter parameter it fetches the appropriate version value of the secret. However, the value can be referenced only with the full name including the version guid.
For e.g.
Secrets filter: 'secret3/versionIdentifierGuid'
The task sets a parameter named 'secret3/versionIdentifierGuid'
Expected Behaviour
The task must set a parameter named 'secret3' (without the version guid in the name)
By doing this we can have each stage use it's own key vault instances but refer to a same name. Also the release created will snapshot the variable value at the point in time. At present it reads the latest version from the Key Vault (which can change over time). By locking in on the version guid for a secret, a release created will always have the same value no matter of the updates that happen for the secret in the key vault.
Required Information
Entering this information will route you directly to the right team and expedite traction.
Question, Bug, or Feature?
Type: Feature
Enter Task Name: Azure Key Vault
list here (V# not needed):
https://github.com/Microsoft/azure-pipelines-tasks/tree/master/Tasks
Environment
Issue Description
The Key Vault Task should support version identifiers as part of the Secrets filter parameter.
Current Behaviour
When specifying a Secret Name along with the version identifier for Secrets filter parameter it fetches the appropriate version value of the secret. However, the value can be referenced only with the full name including the version guid.
For e.g.
Secrets filter: 'secret3/versionIdentifierGuid'
The task sets a parameter named 'secret3/versionIdentifierGuid'
Expected Behaviour
The task must set a parameter named 'secret3' (without the version guid in the name)
By doing this we can have each stage use it's own key vault instances but refer to a same name. Also the release created will snapshot the variable value at the point in time. At present it reads the latest version from the Key Vault (which can change over time). By locking in on the version guid for a secret, a release created will always have the same value no matter of the updates that happen for the secret in the key vault.
Since Key Vault secrets can contain only 0-9, a-z, A-Z, and - any one specifying '/' will be explicitly opting in for the versioning style.
The text was updated successfully, but these errors were encountered: