How to instruct Azure pipeline to read the storage account key from Azure vault for configuring diagnostics extension during publishing code?

Question

I have configured the Diagnostics Extension on my Azure cloud project so that I can collect the IIS logs and publish them to a storage account on azure.

However, I do not want to store the secret key of the storage account in the cscfg file, so I unchecked the "Don't remove storage key secret from project configuration (.cscfg) file". Please check the following.

I want to store the key of the storage account in the azure vault and I want Azure to pull the key from the azure vault while configuring the diagnostics extension during publishing of the code.

The code is published via Devops yaml pipeline.

Is there any way to instruct the Azure pipeline to read the storage account key from Azure vault and use it for configuring the diagnostics extension during publishing code?

so it s for a web/worker role ? is it a classic resource ? – Thomas Aug 03 '21 at 19:51 — Thomas, Aug 03 '21 at 19:51
You you share the yaml with us ? – Thomas Aug 04 '21 at 19:47 — Thomas, Aug 04 '21 at 19:47

score 0 · Answer 1 · answered Aug 03 '21 at 14:09

0

You need to use "Variable groups" feature of Azure Devops to link secrets from key vault into your pipeline, and forward them to your task.

Add secret to key vault
Create service connection in AzureDevops with permissions to access key vault
Create variable group and link secrets from key vault
Link variable group created in previous step into your .yaml pipeline

Any secret from variable group is accessible from within the pipeline like $(VariableName).

More information here.

answered Aug 03 '21 at 14:09

Džemal Čengić

96
2

Thank you for your reply. You have mentioned the first part that how to read a secret key from the azure vault in a pipeline. However, I do not know how to set up this key for Diagnostics Extension during publishing via a yaml? – Inayat Aug 03 '21 at 14:19
Not sure what do you mean by diagnostics extension. Is this something you installed from marketplace? If so, could you provide us a link? – Džemal Čengić Aug 03 '21 at 14:24
Diagnostics Extension is from microsoft and it is used to collect diagnostics data. Following is the link of overview https://learn.microsoft.com/en-us/azure/azure-monitor/agents/diagnostics-extension-overview and the following is the link for configuring it on an azure project in VS https://learn.microsoft.com/en-us/visualstudio/azure/vs-azure-tools-diagnostics-for-cloud-services-and-virtual-machines?view=vs-2019 – Inayat Aug 03 '21 at 14:39

How to instruct Azure pipeline to read the storage account key from Azure vault for configuring diagnostics extension during publishing code?

1 Answers1