azure-pipelines-Fetch-KV-Secret-v1.0.yml
# Continuous-integration (push) triggers are disabled for this pipeline.
trigger: none
######################
# Declare variables
######################
variables:
  # Azure service connection passed as azureSubscription to the Azure tasks.
  ServiceConnection: 'amcloud-cicd-service-connection'
  # Key Vault the pipeline reads secrets from.
  KVName: 'ampockv'
  # Name given to the published build artifact.
  Artifact: 'AM'
#########################
# Declare build agents
#########################
# Microsoft-hosted Windows image; the inline script in this pipeline uses
# scriptType "ps" (Windows PowerShell).
pool:
  vmImage: 'windows-latest'
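###################
# Declare Stages:-
###################
stages:
  - stage: USECASE_DISPLAY_ALL_SECRETS_AND_VALUES
    jobs:
      - job: DISPLAY_SECRETS_AND_VALUES
        displayName: DISPLAY SECRETS AND VALUES
        steps:
          ########################################################################
          # Azure Key Vault Task.
          # Display the name of Key Vault.
          # Display the No. of Secrets found in Key Vault.
          # Display the No. of enabled and unexpired Secrets found in Key Vault.
          # Downloads values of Each Secret in Key Vault.
          #
          # SecretsFilter '*' maps every downloaded secret to a secret pipeline
          # variable for the rest of this job. No later step in this job reads
          # those variables, so the task is used here for its log summary only.
          # Where a step does need secrets, list just those names in
          # SecretsFilter (comma-separated) instead of '*'.
          ########################################################################
          - task: AzureKeyVault@2
            displayName: AZ KEYVAULT TASK
            inputs:
              azureSubscription: '$(ServiceConnection)'
              KeyVaultName: '$(KVName)'
              SecretsFilter: '*'
              RunAsPreJob: false
          #######################################################
          # PowerShell reference for the loop in the next step.
          # Integers can be compared with these operators:
          # -eq # Equal
          # -ne # Not equal
          # -lt # Less than
          # -le # Less than or equal
          # -gt # Greater than
          # -ge # Greater than or equal
          #######################################################
          ###############################################################
          # Fetch every secret name and value with the Azure CLI and
          # append them to Secrets.txt as "name:value" lines.
          #
          # Security notes:
          # - Secrets.txt holds the values in clear text. Log masking of
          #   secret variables does not extend to file contents.
          # - The steps after this one publish the file as a build artifact.
          #   Anyone who can read the run can download it while the run is
          #   retained, outside Key Vault access control and logging.
          # - Keep this use case to a non-production vault. Elsewhere, export
          #   names only, or hand single secrets to the step that needs them
          #   through pipeline variables.
          # - The service connection identity needs list and get permission
          #   on secrets for these commands; scope it to this vault only.
          ###############################################################
          - task: AzureCLI@2
            displayName: FETCH ALL SECRETS
            inputs:
              azureSubscription: '$(ServiceConnection)'
              scriptType: ps
              scriptLocation: inlineScript
              inlineScript: |
                az --version
                az account show
                # List the secret names once rather than once per iteration.
                # @() keeps the result an array for zero or one secret.
                $names = @(az keyvault secret list --vault-name $(KVName) --query "[].name" -o tsv)
                For ($i=0; $i -lt $names.Count; $i++) {
                  $secretname = $names[$i]
                  $secretvalue = az keyvault secret show --vault-name $(KVName) --name $secretname --query value -o tsv
                  echo ($secretname + ':' + $secretvalue) >> Secrets.txt
                }
          ###############################################################
          # Copy the Secrets text file to Artifacts Staging Directory:-
          ###############################################################
          - task: CopyFiles@2
            displayName: COPY TO ARTIFACTS STAGING DIRECTORY
            inputs:
              Contents: Secrets.txt
              targetFolder: '$(Build.ArtifactStagingDirectory)'
          ###########################
          # Publish the Artifacts:-
          # The published artifact contains Secrets.txt, i.e. the clear-text
          # secret values; access to it follows the permissions on this run.
          ###########################
          - task: PublishBuildArtifacts@1
            displayName: PUBLISH ARTIFACTS
            inputs:
              PathtoPublish: '$(Build.ArtifactStagingDirectory)'
              ArtifactName: '$(Artifact)'
              publishLocation: 'Container'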