0

在 yaml 中添加任务以读取 KV。

我得到了这个 yaml 代码:

parameters:
  - name: DeployTo
    type: string
    default: SIT
    values:
      - SIT
pool:
    vmImage: vs2017-win2016
variables:
    environmentToDeploy: ${{ lower(parameters.DeployTo)}}
    subscription: np
  
stages:
- stage: SIT
  displayName: SIT - Infrastructure deploy 
  condition: eq('${{ parameters.DeployTo}}','SIT')

  jobs:
     - template: ymlTemplates\environment-deploy.yml  # Template reference
       parameters:
          DeployTo: '${{ parameters.DeployTo }}'
          environmentToDeploy: '${{ variables.environmentToDeploy }}'
          subscriptionId: 'xxxf7fc0-exx3-x000-9f55-04xxxxxx76f4'
          SqlPassword: $(sqlpassword)
          AdminPassword: $(adminpassword)

当前sqlpasswordadminpassword的值作为管道变量传递。我想从 KeyVault 中阅读此内容。我如何在工作之前将任务放在这个 .yaml 中。:)

4

1 回答 1

0

使用AzureKeyVault 任务。来自 KeyVault 的机密将作为管道变量提供。

管道看起来像这样:

  jobs:
     # assuming 'sqlpassword' and 'sqlpassword' secrets in keyvault
     - task: AzureKeyVault@1
       inputs:
         azureSubscription: 'my azure subscription'
         keyVaultName: 'my vault'
         secretsFilter: '*'

     - template: ymlTemplates\environment-deploy.yml  # Template reference
       parameters:
          DeployTo: '${{ parameters.DeployTo }}'
          environmentToDeploy: '${{ variables.environmentToDeploy }}'
          subscriptionId: 'xxxf7fc0-exx3-x000-9f55-04xxxxxx76f4'
          SqlPassword: $(sqlpassword)
          AdminPassword: $(adminpassword)
于 2022-01-28T06:06:13.357 回答