Introduction

The Azure KeyVault release pipeline contains four steps (see image below). The two first steps take care of getting the assigned Security Policies from the current Azure KeyVault. This is needed when you re-run this pipeline the access policies are reset to it original (ARM template defined state), all Access Policies you and pipelines add afterwards are removed. This powershell grabs all current Access Polecies and gives them as a parameter to the ARM template. The two following steps provisions the Azure KeyVault.

Create Pipeline

Information

This creates a release pipeline in the given Azure DevOps account with the below structure, including all necessary files from this CloudBoost library. The service principal account should be created separately in the Azure DevOps account. The variables can all be set in the variables tab and the service principal account can be created via Project Settings --> Service connections. Also don’t forget to set the release trigger, by default it is set to manual.

Pre-requisites

• Azure Subscription and a resource group conform the naming convention. An Azure KeyVault can be in an App Resource group or in a Core resource group (See Azure Resource Organization), depends on your strategy.
• Principal Account for access by Azure DevOps to the Azure Resource Group.

Pipeline