In this blog post, we will use Azure Key Vault with a Terraform pipeline to deploy infrastructure to Azure.
Azure Key Vault is a service provided by Microsoft Azure that allows you to securely store and manage cryptographic keys, certificates, and secrets.
Azure Key Vault and Terraform can provide a secure and automated way to manage secrets for your Azure resources. In this blog post, we’ll explore how to use Azure Key Vault with Terraform in an Azure pipeline.
Create Azure Key Vault
The first step is to create an Azure Key Vault instance. You can do this via the Azure portal or Terraform. Once you have created the Key Vault, you need to create a secret in it.
Add the Azure Key Vault to Azure DevOps. Click on:
Pipelines -> Library
Tick the "Link secrets from an Azure key vault as variables" option.
Select your Azure subscription and Key Vault from the drop-down menu.
In my Azure YAML pipeline, I use the following code to access the Azure Key Vault.
Note: The code is part of the Azure Key Vault task (available from the Task Assistance menu)
- task: [email protected]
  inputs:
    azureSubscription: 'Pay-As-You-Go'
    KeyVaultName: 'ntweeklykeyvault'
    SecretsFilter: '*'
    RunAsPreJob: true
In my Terraform code, I’m using Azure Key Vault to store
The variable part is shown below (the Key Vault variable name is administratorloginpassword):
--auto-approve -var administrator_login_password=$(administratorloginpassword)
The entire task code is:
- task: [email protected]
  # displayName is a property of the task itself, not one of its inputs
  displayName: 'Destroy Terraform Apply'
  inputs:
    provider: 'azurerm'
    command: 'apply'
    workingDirectory: '$(System.DefaultWorkingDirectory)/deploy'
    # The Key Vault secret is passed to Terraform as an input variable
    commandOptions: '--auto-approve -var administrator_login_password=$(administratorloginpassword)'
    environmentServiceNameAzureRM: 'Pay-As-You-Go'
The Azure Pipeline code will use the variable to deploy the resources.
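A tighter variant of the two tasks above, as an added example that is not part of the original post: it fetches only the one secret the deployment needs and hands it to Terraform through a TF_VAR_ environment variable instead of the command line. The task names and versions (AzureKeyVault@2, TerraformTaskV4@4) and the display name are assumptions, since the post's own task identifiers are obscured.

```yaml
# Added example, not the post's own pipeline.
# Assumed: task versions AzureKeyVault@2 and TerraformTaskV4@4.
steps:
  # Pull only the secret this pipeline uses instead of every secret ('*'),
  # so other secrets in the vault are never exposed to the job.
  - task: AzureKeyVault@2
    inputs:
      azureSubscription: 'Pay-As-You-Go'
      KeyVaultName: 'ntweeklykeyvault'
      SecretsFilter: 'administratorloginpassword'
      RunAsPreJob: true

  # Terraform reads input variables from TF_VAR_<name> environment variables,
  # so the password no longer has to appear in commandOptions.
  # Secret pipeline variables are not exported to the environment
  # automatically; the env block maps this one explicitly.
  - task: TerraformTaskV4@4
    displayName: 'Terraform Apply'   # assumed display name
    inputs:
      provider: 'azurerm'
      command: 'apply'
      workingDirectory: '$(System.DefaultWorkingDirectory)/deploy'
      commandOptions: '--auto-approve'
      environmentServiceNameAzureRM: 'Pay-As-You-Go'
    env:
      TF_VAR_administrator_login_password: $(administratorloginpassword)
```

Terraform still records the password in its state file, so the state backend needs access controls as strict as those on the Key Vault.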