Designing and Implementing Microsoft DevOps Solutions: Provisioning Azure Key Vault for Azure DevOps Organization | Contoso

Provisioning Azure Key Vault for Azure DevOps Organization

Question

You have an Azure DevOps organization named Contoso that contains a project named Project1.

You provision an Azure key vault named Keyvault1.

You need to reference Keyvault1 secrets in a build pipeline of Project1.

What should you do first?

Answers

Explanations


D

Before this will work, the build needs permission to access the Azure Key Vault. This can be added in the Azure Portal.

Open the Access Policies in the Key Vault and add a new one. Choose the principal used in the DevOps build.

https://docs.microsoft.com/en-us/azure/devops/pipelines/release/azure-key-vault

The correct answer is C. Create a variable group in Project1.

Explanation:

To reference Keyvault1 secrets in a build pipeline of Project1, we need to create a variable group that contains the secrets from Keyvault1. A variable group is a collection of variables that can be used across multiple pipelines and environments in Azure DevOps. We can link a variable group to an Azure Key Vault, which allows us to reference the secrets in the variable group from our build and release pipelines.

The process to create a variable group linked to an Azure Key Vault is as follows:

  1. Create an Azure service connection to authenticate to the Key Vault.

  2. Create a variable group in Azure DevOps.

  3. Link the variable group to the Azure service connection created in step 1.

  4. Add the secrets from the Key Vault to the variable group.

Once the variable group is created, we can reference the secrets in the variable group in our build and release pipelines by using the $(variableName) syntax.

Secure files (option A) are used to store sensitive files such as SSL certificates and SSH keys. They are not used to reference secrets from an Azure Key Vault in a build pipeline.

XAML build service (option B) is a legacy build system that has been replaced by the newer YAML-based pipeline system in Azure DevOps. It is not used to reference secrets from an Azure Key Vault in a build pipeline.

Configuring the security policy of Contoso (option D) does not help us to reference secrets from an Azure Key Vault in a build pipeline. The security policy determines who can perform actions in Azure DevOps, but it does not affect how pipelines access secrets.
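As an added example (not from the page, the question bank, or Microsoft's documentation), the following pipeline definition shows how a build in Project1 consumes a Keyvault1 secret through a linked variable group, which is the mechanism the explanation above describes, and it ties in the point made in the first explanation about the Key Vault access policy. The variable group name `Keyvault1-Secrets`, the secret name `DbPassword`, and the branch and agent image are assumptions; the `variables: - group:` syntax, the `$(name)` reference, the `env:` mapping, and the `##vso[task.logissue]` logging command are standard Azure Pipelines syntax.

```yaml
# azure-pipelines.yml for Project1 (added example; names marked "assumed"
# are placeholders, not values from the page).
trigger:
  - main                     # assumed branch

pool:
  vmImage: ubuntu-latest     # assumed hosted agent image

variables:
  # Assumed name of the variable group that is linked to Keyvault1 through the
  # Azure service connection created in step 1. The identity behind that
  # service connection must hold Get and List secret permissions on Keyvault1
  # (the access policy the first explanation refers to), otherwise the group
  # cannot pull the secret values at queue time.
  - group: Keyvault1-Secrets

steps:
  # Secret variables are not exposed to scripts as environment variables
  # automatically; each one has to be mapped explicitly under env:.
  # The agent masks the mapped value in the log output.
  - script: |
      if [ -z "$DB_PASSWORD" ]; then
        echo "##vso[task.logissue type=error]DbPassword did not resolve from the variable group"
        exit 1
      fi
      # Use the secret without printing it; only its length is reported.
      printf 'DbPassword resolved (%s characters)\n' "${#DB_PASSWORD}"
    displayName: Use a Keyvault1 secret
    env:
      DB_PASSWORD: $(DbPassword)   # assumed secret name in Keyvault1
```

Two practical checks: the first run of a pipeline that references a variable group prompts for resource authorization in Azure DevOps (a project administrator or the group's owner must approve it), and because the secret is fetched at queue time, a secret added to Keyvault1 after the variable group was linked only appears once it is added to the group as well, as step 4 of the procedure indicates.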