Azure DevOps Pipelines
up vote
0
down vote
favorite
I am new to working with Azure DevOps, I am trying to create a pipeline using Azure DevOps for deploying my terraform code onto AWS, for authentication I am aware that we can use service principles but that will mean I will need to specify my acess and secret keys in azure DevOps which I do not want to do, so I wanted to check if there are any other ways of doing this?
amazon-web-services azure azure-devops pipeline devops
add a comment |
up vote
0
down vote
favorite
I am new to working with Azure DevOps, I am trying to create a pipeline using Azure DevOps for deploying my terraform code onto AWS, for authentication I am aware that we can use service principles but that will mean I will need to specify my acess and secret keys in azure DevOps which I do not want to do, so I wanted to check if there are any other ways of doing this?
amazon-web-services azure azure-devops pipeline devops
1
you have to authenticate either way, so you'd have to get some sort of credentials into azure devops...
– 4c74356b41
Nov 21 at 15:57
add a comment |
up vote
0
down vote
favorite
up vote
0
down vote
favorite
I am new to working with Azure DevOps, I am trying to create a pipeline using Azure DevOps for deploying my terraform code onto AWS, for authentication I am aware that we can use service principles but that will mean I will need to specify my acess and secret keys in azure DevOps which I do not want to do, so I wanted to check if there are any other ways of doing this?
amazon-web-services azure azure-devops pipeline devops
I am new to working with Azure DevOps, I am trying to create a pipeline using Azure DevOps for deploying my terraform code onto AWS, for authentication I am aware that we can use service principles but that will mean I will need to specify my acess and secret keys in azure DevOps which I do not want to do, so I wanted to check if there are any other ways of doing this?
amazon-web-services azure azure-devops pipeline devops
amazon-web-services azure azure-devops pipeline devops
asked Nov 21 at 15:50
M Shareef
1
1
1
you have to authenticate either way, so you'd have to get some sort of credentials into azure devops...
– 4c74356b41
Nov 21 at 15:57
add a comment |
1
you have to authenticate either way, so you'd have to get some sort of credentials into azure devops...
– 4c74356b41
Nov 21 at 15:57
1
1
you have to authenticate either way, so you'd have to get some sort of credentials into azure devops...
– 4c74356b41
Nov 21 at 15:57
you have to authenticate either way, so you'd have to get some sort of credentials into azure devops...
– 4c74356b41
Nov 21 at 15:57
add a comment |
3 Answers
3
active
oldest
votes
up vote
0
down vote
Perhaps use the Azure Devops Libary > Variable Groups to securely store you keys.
Alternatively you may be able to use the Project Settings> Service connection. Perhaps using credentials connection or a generic on.
Also have you looked at aws.amazon.com/vsts
– Thomas Harris
Nov 22 at 10:12
add a comment |
up vote
0
down vote
Service principals is the industry standard for this case. You should create a specific service principal for Azure DevOps and limit its scope to only what's necessary.
add a comment |
up vote
0
down vote
For accessing/storing these kinds of secrets you can try the Azure Key Vault
Store all your secrets in Azure Key Vault secrets.
When you want to access secrets:
Ensure the Azure service connection has at least Get and List permissions on the vault. You can set these permissions in the Azure
portal:
Open the Settings blade for the vault, choose Access policies, then Add new.
In the Add access policy blade, choose Select principal and select the service principal for your client account.
In the Add access policy blade, choose Secret permissions and ensure that Get and List are checked (ticked).
Choose OK to save the changes.
Reference
Thank you Jayendran, will look further into this option
– M Shareef
Nov 22 at 10:44
@MShareef let me know if you need any help. You are welcome to accept my answer
– Jayendran
Nov 22 at 10:47
add a comment |
3 Answers
3
active
oldest
votes
3 Answers
3
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
0
down vote
Perhaps use the Azure Devops Libary > Variable Groups to securely store you keys.
Alternatively you may be able to use the Project Settings> Service connection. Perhaps using credentials connection or a generic on.
Also have you looked at aws.amazon.com/vsts
– Thomas Harris
Nov 22 at 10:12
add a comment |
up vote
0
down vote
Perhaps use the Azure Devops Libary > Variable Groups to securely store you keys.
Alternatively you may be able to use the Project Settings> Service connection. Perhaps using credentials connection or a generic on.
Also have you looked at aws.amazon.com/vsts
– Thomas Harris
Nov 22 at 10:12
add a comment |
up vote
0
down vote
up vote
0
down vote
Perhaps use the Azure Devops Libary > Variable Groups to securely store you keys.
Alternatively you may be able to use the Project Settings> Service connection. Perhaps using credentials connection or a generic on.
Perhaps use the Azure Devops Libary > Variable Groups to securely store you keys.
Alternatively you may be able to use the Project Settings> Service connection. Perhaps using credentials connection or a generic on.
answered Nov 21 at 17:13
Thomas Harris
405313
405313
Also have you looked at aws.amazon.com/vsts
– Thomas Harris
Nov 22 at 10:12
add a comment |
Also have you looked at aws.amazon.com/vsts
– Thomas Harris
Nov 22 at 10:12
Also have you looked at aws.amazon.com/vsts
– Thomas Harris
Nov 22 at 10:12
Also have you looked at aws.amazon.com/vsts
– Thomas Harris
Nov 22 at 10:12
add a comment |
up vote
0
down vote
Service principals is the industry standard for this case. You should create a specific service principal for Azure DevOps and limit its scope to only what's necessary.
add a comment |
up vote
0
down vote
Service principals is the industry standard for this case. You should create a specific service principal for Azure DevOps and limit its scope to only what's necessary.
add a comment |
up vote
0
down vote
up vote
0
down vote
Service principals is the industry standard for this case. You should create a specific service principal for Azure DevOps and limit its scope to only what's necessary.
Service principals is the industry standard for this case. You should create a specific service principal for Azure DevOps and limit its scope to only what's necessary.
answered Nov 21 at 18:17
Zair Henrique
157112
157112
add a comment |
add a comment |
up vote
0
down vote
For accessing/storing these kinds of secrets you can try the Azure Key Vault
Store all your secrets in Azure Key Vault secrets.
When you want to access secrets:
Ensure the Azure service connection has at least Get and List permissions on the vault. You can set these permissions in the Azure
portal:
Open the Settings blade for the vault, choose Access policies, then Add new.
In the Add access policy blade, choose Select principal and select the service principal for your client account.
In the Add access policy blade, choose Secret permissions and ensure that Get and List are checked (ticked).
Choose OK to save the changes.
Reference
Thank you Jayendran, will look further into this option
– M Shareef
Nov 22 at 10:44
@MShareef let me know if you need any help. You are welcome to accept my answer
– Jayendran
Nov 22 at 10:47
add a comment |
up vote
0
down vote
For accessing/storing these kinds of secrets you can try the Azure Key Vault
Store all your secrets in Azure Key Vault secrets.
When you want to access secrets:
Ensure the Azure service connection has at least Get and List permissions on the vault. You can set these permissions in the Azure
portal:
Open the Settings blade for the vault, choose Access policies, then Add new.
In the Add access policy blade, choose Select principal and select the service principal for your client account.
In the Add access policy blade, choose Secret permissions and ensure that Get and List are checked (ticked).
Choose OK to save the changes.
Reference
Thank you Jayendran, will look further into this option
– M Shareef
Nov 22 at 10:44
@MShareef let me know if you need any help. You are welcome to accept my answer
– Jayendran
Nov 22 at 10:47
add a comment |
up vote
0
down vote
up vote
0
down vote
For accessing/storing these kinds of secrets you can try the Azure Key Vault
Store all your secrets in Azure Key Vault secrets.
When you want to access secrets:
Ensure the Azure service connection has at least Get and List permissions on the vault. You can set these permissions in the Azure
portal:
Open the Settings blade for the vault, choose Access policies, then Add new.
In the Add access policy blade, choose Select principal and select the service principal for your client account.
In the Add access policy blade, choose Secret permissions and ensure that Get and List are checked (ticked).
Choose OK to save the changes.
Reference
For accessing/storing these kinds of secrets you can try the Azure Key Vault
Store all your secrets in Azure Key Vault secrets.
When you want to access secrets:
Ensure the Azure service connection has at least Get and List permissions on the vault. You can set these permissions in the Azure
portal:
Open the Settings blade for the vault, choose Access policies, then Add new.
In the Add access policy blade, choose Select principal and select the service principal for your client account.
In the Add access policy blade, choose Secret permissions and ensure that Get and List are checked (ticked).
Choose OK to save the changes.
Reference
answered Nov 22 at 2:53
Jayendran
2,94631334
2,94631334
Thank you Jayendran, will look further into this option
– M Shareef
Nov 22 at 10:44
@MShareef let me know if you need any help. You are welcome to accept my answer
– Jayendran
Nov 22 at 10:47
add a comment |
Thank you Jayendran, will look further into this option
– M Shareef
Nov 22 at 10:44
@MShareef let me know if you need any help. You are welcome to accept my answer
– Jayendran
Nov 22 at 10:47
Thank you Jayendran, will look further into this option
– M Shareef
Nov 22 at 10:44
Thank you Jayendran, will look further into this option
– M Shareef
Nov 22 at 10:44
@MShareef let me know if you need any help. You are welcome to accept my answer
– Jayendran
Nov 22 at 10:47
@MShareef let me know if you need any help. You are welcome to accept my answer
– Jayendran
Nov 22 at 10:47
add a comment |
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Some of your past answers have not been well-received, and you're in danger of being blocked from answering.
Please pay close attention to the following guidance:
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53415774%2fazure-devops-pipelines%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
1
you have to authenticate either way, so you'd have to get some sort of credentials into azure devops...
– 4c74356b41
Nov 21 at 15:57