In the config.csv - is it possible to use variables from secrets in a KeyVault #392
Replies: 1 comment
-
|
Secure variables are not available in a task's session by default primarily due to security concerns and design considerations. |
Beta Was this translation helpful? Give feedback.
-
I have a key vault with secrets for values that will be used in the ADF-Publish pipleine.
With a variable group (with secrets linked from a KV), linked to the ADF-Publish release pipeline, I can use those variables, but I have to create a mapping in the Publish ADF task so the task is aware of them. I want to make a direct link from the config.csv to the variable in the KV. Example:
I have a Linked Service in my ADF that is linked to a Key Vault. To deploy my ADF from test to stage, the URL to the KV for stage needs to updated.
Config entry looks like this:
linkedService,,typeProperties.baseUrl,"$Env:KVURL"
When $ENV:KVURL references a pipeline variable, the value for URL is updated in my stage ADF
When $ENV:KVURL is trying to use a Key Vault value with secret name "KVURL" the value in Stage is blank.
I am using the Azure Key Vault Task to pull the secrets into the agent (pre-job) and set to share for all tasks in the job, but it seems the publish task isn't able to recognize them.
One other note, when I did have the secrets linked to the pipeline through a Variable Library (linked to the KV), I used the Environment Variables section in the Publish task to map the variables I am using in the config.sys to the variable linked in the variable group. This works, but I don't want to have the added step of every time I add a secret to the KV for ADF deployments, I have to make a manual entry in the task for a local mapping.
How do I make the entry in the config.sys recognize key vault secrets?
Beta Was this translation helpful? Give feedback.
All reactions