Ensure Secure Access to Azure Key Vault in Azure DevOps Pipelines

Azure Key Vault Integration in Azure DevOps Project1

Question

You have an Azure DevOps organization named Contoso, an Azure DevOps project named Project1, an Azure subscription named Sub1, and an Azure key vault named vault1.

You need to ensure that you can reference the values of the secrets stored in vault1 in all the pipelines of Project1. The solution must prevent the values from being stored in the pipelines.

What should you do?

Answers

Explanations


A. B. C. D.

A

Use a variable group to store values that you want to control and make available across multiple pipelines.

https://docs.microsoft.com/en-us/azure/devops/pipelines/library/variable-groups

To reference the values of the secrets stored in the Azure key vault named vault1 in all the pipelines of the Azure DevOps project named Project1, and to prevent the values from being stored in the pipelines, you should create a variable group in Project1. Therefore, the correct answer is A.

Here's why:

A variable group is a collection of variables that can be used across pipelines in a project or across multiple projects in an organization. Variables can be stored in the variable group as key-value pairs, and they can be secured using Azure Key Vault. When a variable group is linked to a pipeline, the variables in the group are available to the pipeline.

To create a variable group that references the secrets stored in vault1, follow these steps:

  1. In Azure DevOps, go to your project (Project1) and select the Pipelines menu option.

  2. Select the Library tab.

  3. Click on the + Variable Group button.

  4. Give your variable group a name (for example, "Vault1Secrets").

  5. Select the Link secrets from an Azure key vault as variables option.

  6. Select the Azure subscription (Sub1) that contains the key vault (vault1).

  7. Choose the key vault (vault1).

  8. Choose the secrets that you want to reference in your pipelines.

  9. Click the Create button.

After you've created the variable group, you can link it to your pipelines. Here's how:

  1. Open the pipeline that you want to link the variable group to.

  2. Click on the Variables tab.

  3. Click on the Link variable group button.

  4. Select the variable group that you just created (Vault1Secrets).

  5. Click the Link button.

Now, the variables in the variable group (which reference the secrets stored in vault1) are available to your pipeline, but the values of the secrets are not stored in the pipeline. This ensures that the secrets remain secure and are not exposed to unauthorized users.
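The linking steps above go through the pipeline's Variables tab. In a YAML pipeline the same link is declared in the pipeline file, as in the following added example, which is not part of the original page. It assumes the variable group Vault1Secrets from the steps above and a secret named dbPassword (a hypothetical name) selected in that group.

```yaml
# azure-pipelines.yml
# Added example. Assumptions: the variable group "Vault1Secrets" exists in Project1,
# is linked to vault1, and includes a secret named "dbPassword" (hypothetical name).

trigger:
  - main

pool:
  vmImage: ubuntu-latest

variables:
  # Reference the group by name. The secret values are fetched from vault1
  # when the run starts, so no secret value is written into this file.
  - group: Vault1Secrets

steps:
  - script: |
      # Secret variables are not exported to the script's environment automatically.
      # DB_PASSWORD exists here only because of the explicit env mapping below.
      # Pass it to the tool that needs it; do not echo it or write it to disk.
      echo "dbPassword was mapped into this step as DB_PASSWORD"
    displayName: Consume a Key Vault secret from the variable group
    env:
      # Map the secret into this one step only, rather than exposing it job-wide.
      DB_PASSWORD: $(dbPassword)
```

Mapping the secret through `env:` on the single step that needs it keeps it out of the environment of every other step in the job.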

Secure files (answer B) are used to store files that contain sensitive information, but they are not used to store secrets. Modifying the security settings of pipelines (answer C) or configuring the security policy of Contoso (answer D) are not relevant to the question.