AXForum  
Вернуться   AXForum > Microsoft Dynamics NAV > NAV: Blogs
All
Забыли пароль?
Зарегистрироваться Правила Справка Пользователи Сообщения за день Поиск Все разделы прочитаны

 
 
Опции темы Поиск в этой теме Опции просмотра
Старый 18.09.2020, 15:11   #1  
Blog bot is offline
Blog bot
Участник
 
23,568 / 800 (74) +++++++
Регистрация: 28.10.2006
waldo: Use Azure KeyVault in AzureDevops for sharing licensing and other secrets
Источник: https://dynamicsuser.net/nav/b/waldo...-other-secrets
==============

You are probably aware on how “secrets” work in AzureDevops. In a way, it’s simple: you can create variables, and store the value of the variable as a secret or not, simply by tapping the “lock” when creating a variable.

To share variables over multiple repos, you can create a variable group, and use that variable group in multiple pipelines.

Quite Easy! But …

Thing is – out-of-the-box variable-definition in DevOps – as far as I know – is “just” on project-level. We can define variables on a pipeline, we can pass to templates, we can create “global” variables and such … but sometimes, you need to be able to share a (secret) value, like license-key, over about all your projects. Or even across multiple DevOps organizations – however you chose to set it up.
Many partners have 1 DEV license key that expires every 90 days, so you might want to be able to share that license key over all your projects. The goal is: when you have a new key, there is just one place to change, and all your pipelines will keep running.

How do I share Secret variables over multiple projects?

Let me share you a simple way to do that, but first a disclaimer: it could very well be that I’m not aware of a built-in DevOps option to do this. Please let me know in the comments if that’s the case.

Step 1: Set up an Azure Key Vault in the Azure Portal

In Azure (yes, you’ll need access to the Azure Portal), you have “Azure Key Vault”.

Just create a new Key Vault:

Step 2: Create Secrets

Once you created your vault, you can simply navigate to it..

And start to create secrets:

As you can see, it’s simple: just a key/value pair basically:

The result is simply a list of secrets that you have now at your disposal.

To continue, let’s go back to DevOps…

Step 3: Create a variable group

As you might already know, variable groups can be linked to secrets in an Azure Key Vault. Since these are all secrets that we want to manage on a “high level”, it makes sense to take the highest level we can to manage variables in DevOps, and that’s: Variable Groups.

Step 4: Link it with Azure Keyvault

Make sure you link it with your Azure Key Vault (and Autorize the subscription, and the vault if necessary).

Done forget to add all secrets you want to make available in this project. By default, none of the secrets will be linked, you need “Add” them yourself!

Save, and done! Now, you will be able to …

Step 5: Use it in your pipelines

Here are a few examples on how to link it in your pipelines

And use it:

Do know, when running the pipeline, you might have to give access for this service connection. Simply permit it and run it – you need to do this only once.

If you ever want to delete/disable access to this subscription, do know it has basically created a service connection, which you can find in the project settings:

Just after I wrote this post, I happened to find this one: https://zimmergren.net/using-azure-k...vops-pipeline/ . Definitely worth a read, as it drills a bit more into the security considerations.. .




Источник: https://dynamicsuser.net/nav/b/waldo...-other-secrets
__________________
Расскажите о новых и интересных блогах по Microsoft Dynamics, напишите личное сообщение администратору.
 

Опции темы Поиск в этой теме
Поиск в этой теме:

Расширенный поиск
Опции просмотра

Ваши права в разделе
Вы не можете создавать новые темы
Вы не можете отвечать в темах
Вы не можете прикреплять вложения
Вы не можете редактировать свои сообщения

BB коды Вкл.
Смайлы Вкл.
[IMG] код Вкл.
HTML код Выкл.
Быстрый переход

Рейтинг@Mail.ru
Часовой пояс GMT +3, время: 20:26.
Powered by vBulletin® v3.8.5. Перевод: zCarot
Контактная информация, Реклама.