Home > Enterprise >  How to manage passwords and ConnectionStrings in a multi environment deployment using azure devops?
How to manage passwords and ConnectionStrings in a multi environment deployment using azure devops?

Time:01-23

I have a web application, in the front end, I use asp.net framework and in the back end, I have a WCF service.

I want to have multi environments, one for staging and one for production.

I already succeed to deploy both the front and back end using azure DevOps, but I have difficulty figuring out the best way to store secrets(like passwords, connection string) knowing that I have multi env, because I don't want my secrets being visible to VCS, or when building. secrets should appear only in the release.

  • I try first to use a secret file and upload web.config, so when the build is done I replace the web.config but it didn't look like a good idea because I don't want to re-upload the config file every time I change it.

I hope someone shares their experience of how he manages multi-environment deployment and hides secrets from VSC.

thanks.

CodePudding user response:

You can make use of variables to store the secrets in Azure DevOps:-

You can click on variable tab while running your pipeline and store the secrets, passwords, connection strings in that variable for different stages, jobs and run the pipeline.

enter image description here

While running your Pipeline you can store your secrets or password in the variable like below and scope it to different stages too:-

enter image description here

enter image description here

And use it as an environment variable in the pipeline for different stages.

enter image description here

If you want to store the secrets commonly, You can also make use of variable group like below :-

enter image description here

You can mask the value to secure it

enter image description here

and in the variable script you can use the variable group directly to access the secrets:-

enter image description here

You can also store your connection strings, secrets, password in azure key vault and then create azure key vault variable group in Azure DevOps pipeline like below :-

I have added one secret in the Azure key vault resource like below :-

enter image description here

Now, To access these secret value in Azure DevOps yaml pipeline refer below :-

    trigger:
    - main
    steps:
    - task: AzureKeyVault@2
    inputs:
    azureSubscription: 'SID subscription(1)(<subscription-id>)'
    KeyVaultName: 'siliconvault'
    SecretsFilter: '*'
    RunAsPreJob: false
    - script : |
    echo $(dbpassword)

enter image description here

Make sure you give access permissions to the Azure DevOps service connection to access Key vault and the dbpassword will be encrypted when the pipeline runs like below :-

enter image description here

You can also create a variable group for storing this Azure Key vault secret in Azure DevOps:-

enter image description here

Reference :-

Use Azure Key Vault secrets in Azure Pipelines - Azure Pipelines | Microsoft Learn

Set secret variables - Azure Pipelines | Microsoft Learn

  • Related