Azure DevOps Pipelines











up vote
0
down vote

favorite












I am new to working with Azure DevOps, I am trying to create a pipeline using Azure DevOps for deploying my terraform code onto AWS, for authentication I am aware that we can use service principles but that will mean I will need to specify my acess and secret keys in azure DevOps which I do not want to do, so I wanted to check if there are any other ways of doing this?










share|improve this question


















  • 1




    you have to authenticate either way, so you'd have to get some sort of credentials into azure devops...
    – 4c74356b41
    Nov 21 at 15:57















up vote
0
down vote

favorite












I am new to working with Azure DevOps, I am trying to create a pipeline using Azure DevOps for deploying my terraform code onto AWS, for authentication I am aware that we can use service principles but that will mean I will need to specify my acess and secret keys in azure DevOps which I do not want to do, so I wanted to check if there are any other ways of doing this?










share|improve this question


















  • 1




    you have to authenticate either way, so you'd have to get some sort of credentials into azure devops...
    – 4c74356b41
    Nov 21 at 15:57













up vote
0
down vote

favorite









up vote
0
down vote

favorite











I am new to working with Azure DevOps, I am trying to create a pipeline using Azure DevOps for deploying my terraform code onto AWS, for authentication I am aware that we can use service principles but that will mean I will need to specify my acess and secret keys in azure DevOps which I do not want to do, so I wanted to check if there are any other ways of doing this?










share|improve this question













I am new to working with Azure DevOps, I am trying to create a pipeline using Azure DevOps for deploying my terraform code onto AWS, for authentication I am aware that we can use service principles but that will mean I will need to specify my acess and secret keys in azure DevOps which I do not want to do, so I wanted to check if there are any other ways of doing this?







amazon-web-services azure azure-devops pipeline devops






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked Nov 21 at 15:50









M Shareef

1




1








  • 1




    you have to authenticate either way, so you'd have to get some sort of credentials into azure devops...
    – 4c74356b41
    Nov 21 at 15:57














  • 1




    you have to authenticate either way, so you'd have to get some sort of credentials into azure devops...
    – 4c74356b41
    Nov 21 at 15:57








1




1




you have to authenticate either way, so you'd have to get some sort of credentials into azure devops...
– 4c74356b41
Nov 21 at 15:57




you have to authenticate either way, so you'd have to get some sort of credentials into azure devops...
– 4c74356b41
Nov 21 at 15:57












3 Answers
3






active

oldest

votes

















up vote
0
down vote













Perhaps use the Azure Devops Libary > Variable Groups to securely store you keys.



Alternatively you may be able to use the Project Settings> Service connection. Perhaps using credentials connection or a generic on.






share|improve this answer





















  • Also have you looked at aws.amazon.com/vsts
    – Thomas Harris
    Nov 22 at 10:12


















up vote
0
down vote













Service principals is the industry standard for this case. You should create a specific service principal for Azure DevOps and limit its scope to only what's necessary.






share|improve this answer




























    up vote
    0
    down vote













    For accessing/storing these kinds of secrets you can try the Azure Key Vault



    Store all your secrets in Azure Key Vault secrets.




    When you want to access secrets:





    • Ensure the Azure service connection has at least Get and List permissions on the vault. You can set these permissions in the Azure

      portal:




      • Open the Settings blade for the vault, choose Access policies, then Add new.


      • In the Add access policy blade, choose Select principal and select the service principal for your client account.


      • In the Add access policy blade, choose Secret permissions and ensure that Get and List are checked (ticked).


      • Choose OK to save the changes.







    Reference






    share|improve this answer





















    • Thank you Jayendran, will look further into this option
      – M Shareef
      Nov 22 at 10:44










    • @MShareef let me know if you need any help. You are welcome to accept my answer
      – Jayendran
      Nov 22 at 10:47











    Your Answer






    StackExchange.ifUsing("editor", function () {
    StackExchange.using("externalEditor", function () {
    StackExchange.using("snippets", function () {
    StackExchange.snippets.init();
    });
    });
    }, "code-snippets");

    StackExchange.ready(function() {
    var channelOptions = {
    tags: "".split(" "),
    id: "1"
    };
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function() {
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled) {
    StackExchange.using("snippets", function() {
    createEditor();
    });
    }
    else {
    createEditor();
    }
    });

    function createEditor() {
    StackExchange.prepareEditor({
    heartbeatType: 'answer',
    convertImagesToLinks: true,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: 10,
    bindNavPrevention: true,
    postfix: "",
    imageUploader: {
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    },
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    });


    }
    });














    draft saved

    draft discarded


















    StackExchange.ready(
    function () {
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53415774%2fazure-devops-pipelines%23new-answer', 'question_page');
    }
    );

    Post as a guest















    Required, but never shown

























    3 Answers
    3






    active

    oldest

    votes








    3 Answers
    3






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes








    up vote
    0
    down vote













    Perhaps use the Azure Devops Libary > Variable Groups to securely store you keys.



    Alternatively you may be able to use the Project Settings> Service connection. Perhaps using credentials connection or a generic on.






    share|improve this answer





















    • Also have you looked at aws.amazon.com/vsts
      – Thomas Harris
      Nov 22 at 10:12















    up vote
    0
    down vote













    Perhaps use the Azure Devops Libary > Variable Groups to securely store you keys.



    Alternatively you may be able to use the Project Settings> Service connection. Perhaps using credentials connection or a generic on.






    share|improve this answer





















    • Also have you looked at aws.amazon.com/vsts
      – Thomas Harris
      Nov 22 at 10:12













    up vote
    0
    down vote










    up vote
    0
    down vote









    Perhaps use the Azure Devops Libary > Variable Groups to securely store you keys.



    Alternatively you may be able to use the Project Settings> Service connection. Perhaps using credentials connection or a generic on.






    share|improve this answer












    Perhaps use the Azure Devops Libary > Variable Groups to securely store you keys.



    Alternatively you may be able to use the Project Settings> Service connection. Perhaps using credentials connection or a generic on.







    share|improve this answer












    share|improve this answer



    share|improve this answer










    answered Nov 21 at 17:13









    Thomas Harris

    405313




    405313












    • Also have you looked at aws.amazon.com/vsts
      – Thomas Harris
      Nov 22 at 10:12


















    • Also have you looked at aws.amazon.com/vsts
      – Thomas Harris
      Nov 22 at 10:12
















    Also have you looked at aws.amazon.com/vsts
    – Thomas Harris
    Nov 22 at 10:12




    Also have you looked at aws.amazon.com/vsts
    – Thomas Harris
    Nov 22 at 10:12












    up vote
    0
    down vote













    Service principals is the industry standard for this case. You should create a specific service principal for Azure DevOps and limit its scope to only what's necessary.






    share|improve this answer

























      up vote
      0
      down vote













      Service principals is the industry standard for this case. You should create a specific service principal for Azure DevOps and limit its scope to only what's necessary.






      share|improve this answer























        up vote
        0
        down vote










        up vote
        0
        down vote









        Service principals is the industry standard for this case. You should create a specific service principal for Azure DevOps and limit its scope to only what's necessary.






        share|improve this answer












        Service principals is the industry standard for this case. You should create a specific service principal for Azure DevOps and limit its scope to only what's necessary.







        share|improve this answer












        share|improve this answer



        share|improve this answer










        answered Nov 21 at 18:17









        Zair Henrique

        157112




        157112






















            up vote
            0
            down vote













            For accessing/storing these kinds of secrets you can try the Azure Key Vault



            Store all your secrets in Azure Key Vault secrets.




            When you want to access secrets:





            • Ensure the Azure service connection has at least Get and List permissions on the vault. You can set these permissions in the Azure

              portal:




              • Open the Settings blade for the vault, choose Access policies, then Add new.


              • In the Add access policy blade, choose Select principal and select the service principal for your client account.


              • In the Add access policy blade, choose Secret permissions and ensure that Get and List are checked (ticked).


              • Choose OK to save the changes.







            Reference






            share|improve this answer





















            • Thank you Jayendran, will look further into this option
              – M Shareef
              Nov 22 at 10:44










            • @MShareef let me know if you need any help. You are welcome to accept my answer
              – Jayendran
              Nov 22 at 10:47















            up vote
            0
            down vote













            For accessing/storing these kinds of secrets you can try the Azure Key Vault



            Store all your secrets in Azure Key Vault secrets.




            When you want to access secrets:





            • Ensure the Azure service connection has at least Get and List permissions on the vault. You can set these permissions in the Azure

              portal:




              • Open the Settings blade for the vault, choose Access policies, then Add new.


              • In the Add access policy blade, choose Select principal and select the service principal for your client account.


              • In the Add access policy blade, choose Secret permissions and ensure that Get and List are checked (ticked).


              • Choose OK to save the changes.







            Reference






            share|improve this answer





















            • Thank you Jayendran, will look further into this option
              – M Shareef
              Nov 22 at 10:44










            • @MShareef let me know if you need any help. You are welcome to accept my answer
              – Jayendran
              Nov 22 at 10:47













            up vote
            0
            down vote










            up vote
            0
            down vote









            For accessing/storing these kinds of secrets you can try the Azure Key Vault



            Store all your secrets in Azure Key Vault secrets.




            When you want to access secrets:





            • Ensure the Azure service connection has at least Get and List permissions on the vault. You can set these permissions in the Azure

              portal:




              • Open the Settings blade for the vault, choose Access policies, then Add new.


              • In the Add access policy blade, choose Select principal and select the service principal for your client account.


              • In the Add access policy blade, choose Secret permissions and ensure that Get and List are checked (ticked).


              • Choose OK to save the changes.







            Reference






            share|improve this answer












            For accessing/storing these kinds of secrets you can try the Azure Key Vault



            Store all your secrets in Azure Key Vault secrets.




            When you want to access secrets:





            • Ensure the Azure service connection has at least Get and List permissions on the vault. You can set these permissions in the Azure

              portal:




              • Open the Settings blade for the vault, choose Access policies, then Add new.


              • In the Add access policy blade, choose Select principal and select the service principal for your client account.


              • In the Add access policy blade, choose Secret permissions and ensure that Get and List are checked (ticked).


              • Choose OK to save the changes.







            Reference







            share|improve this answer












            share|improve this answer



            share|improve this answer










            answered Nov 22 at 2:53









            Jayendran

            2,94631334




            2,94631334












            • Thank you Jayendran, will look further into this option
              – M Shareef
              Nov 22 at 10:44










            • @MShareef let me know if you need any help. You are welcome to accept my answer
              – Jayendran
              Nov 22 at 10:47


















            • Thank you Jayendran, will look further into this option
              – M Shareef
              Nov 22 at 10:44










            • @MShareef let me know if you need any help. You are welcome to accept my answer
              – Jayendran
              Nov 22 at 10:47
















            Thank you Jayendran, will look further into this option
            – M Shareef
            Nov 22 at 10:44




            Thank you Jayendran, will look further into this option
            – M Shareef
            Nov 22 at 10:44












            @MShareef let me know if you need any help. You are welcome to accept my answer
            – Jayendran
            Nov 22 at 10:47




            @MShareef let me know if you need any help. You are welcome to accept my answer
            – Jayendran
            Nov 22 at 10:47


















            draft saved

            draft discarded




















































            Thanks for contributing an answer to Stack Overflow!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid



            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.


            To learn more, see our tips on writing great answers.





            Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


            Please pay close attention to the following guidance:


            • Please be sure to answer the question. Provide details and share your research!

            But avoid



            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.


            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53415774%2fazure-devops-pipelines%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            Popular posts from this blog

            A CLEAN and SIMPLE way to add appendices to Table of Contents and bookmarks

            Calculate evaluation metrics using cross_val_predict sklearn

            Insert data from modal to MySQL (multiple modal on website)