Use Azure Key Vault With Terraform Azure Pipeline

In this blog post, we will use Azure Key Vault with a Terraform pipeline to deploy infrastructure to Azure.

Azure Key Vault is a service provided by Microsoft Azure that allows you to securely store and manage cryptographic keys, certificates, and secrets.

Azure Key Vault and Terraform can provide a secure and automated way to manage secrets for your Azure resources. In this blog post, we’ll explore how to use Azure Key Vault with Terraform in an Azure pipeline.

Create Azure Key Vault

The first step is to create an Azure Key Vault instance. You can do this via the Azure portal or Terraform. Once you have created the Key Vault, you need to create a secret in it.

Add the Azure Key Vault to Azure DevOps. Click on:

Pipelines -> Library

Tick the "Link secrets from an Azure key vault as variables" option.

Select your Azure subscription and Key Vault from the drop-down menu.

Azure Pipeline

In my Azure YAML pipeline, I use the following code to access the Azure Key Vault.

Note: The code is part of the Azure Key Vault task (available from the Task Assistance menu)

- task: AzureKeyVault@2
  inputs:
    azureSubscription: 'Pay-As-You-Go'
    KeyVaultName: 'ntweeklykeyvault'
    SecretsFilter: '*'
    RunAsPreJob: true

Terraform Task

In my Terraform code, I’m using Azure Key Vault to store

The variable part is shown below (the Key Vault variable name is administratorloginpassword):

commandOptions: '--auto-approve -var administrator_login_password=$(administratorloginpassword)'

The entire task code is:

- task: TerraformTaskV4@4
  # displayName is a task-level property, not a task input
  displayName: 'Destroy Terraform Apply'
  inputs:
    provider: 'azurerm'
    command: 'apply'
    workingDirectory: '$(System.DefaultWorkingDirectory)/deploy'
    # $(administratorloginpassword) is the secret fetched by the AzureKeyVault@2 task
    commandOptions: '--auto-approve -var administrator_login_password=$(administratorloginpassword)'
    environmentServiceNameAzureRM: 'Pay-As-You-Go'

The Azure Pipeline code will use the variable to deploy the resources.
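
A tighter variant of the two tasks above, added here as an example and not part of the original pipeline: it fetches only the one secret the job needs instead of '*', and hands the password to Terraform through a TF_VAR_ environment variable so it stays off the terraform command line. It assumes the Terraform code declares a variable named administrator_login_password and that the Terraform task passes its environment through to the terraform process.

```yaml
steps:
# Least privilege: download only the secret this job uses, not every secret in the vault.
- task: AzureKeyVault@2
  inputs:
    azureSubscription: 'Pay-As-You-Go'
    KeyVaultName: 'ntweeklykeyvault'
    SecretsFilter: 'administratorloginpassword'   # the original used '*'
    RunAsPreJob: true

- task: TerraformTaskV4@4
  displayName: 'Destroy Terraform Apply'
  inputs:
    provider: 'azurerm'
    command: 'apply'
    workingDirectory: '$(System.DefaultWorkingDirectory)/deploy'
    # No -var here: the secret no longer appears in the process arguments.
    commandOptions: '--auto-approve'
    environmentServiceNameAzureRM: 'Pay-As-You-Go'
  env:
    # Azure Pipelines does not expose secret variables as environment
    # variables unless they are mapped explicitly, as done here.
    # Terraform reads TF_VAR_<name> as the value of input variable <name>.
    TF_VAR_administrator_login_password: $(administratorloginpassword)
```

Marking the variable with sensitive = true in its Terraform declaration also keeps the value out of plan and apply output.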

