Plan, Design and Manage AzDo variables
Azure DevOps variables play an important role and provide a convenient way to get key bits of data into various parts of the pipelines. In this post, I will talk about how you can plan, design and manage the Azure DevOps variables and leverage this feature more effectively.
There are two ways to create variables.
In this scenario, you know the key - value (actual or by referring other variables) upfront.
Fig1: Predefined Variables
- Do not forget to use secrete option if you have something to be considered as Protected.
- Use $(key) option if you wanted to refer any key as value.
- Scope of such variables stays across the executions.
Runtime variables play an important role and provide a dynamic nature to your pipelines.
You can leverage this feature where you need to get the keys, generated as the output of the one task and required as input in other tasks/s.
- Please note, as these are runtime variables, the scope of such variables is limited to that particular execution.
Write-Host "##vso[task.setvariable variable=sauce]crushed tomatoes" Write-Host "##vso[task.setvariable variable=secret.Sauce;issecret=true]crushed tomatoes with garlic"
You can also use the Batch or Shell scripts to generate such variables.
Understand the scope (pipelines Variables v/s Variable Groups)
Fig2: Variable Scope
Stage/ Environment v/s Release
You can define the variable scope either across the release or specific stage/ environment. Please refer to Figure 2
Scope mention in With-in pipelines section works fine if you have a single Release pipeline. But there are use cases where pipelines designed at the services level. This means you need to have individual pipelines for individual services (depends on the requirements).
For such scenarios, you can leverage the Variable Group feature. Use a variable group to store values that you want to control and make available across multiple pipelines. Variable groups are defined and managed in the Library page under pipelines.
Across the Projects
There are use cases, where teams need key-values across the projects and such keys are managed by some different team and you don’t want to give them access to modify pipelines. Even its practically difficult for them to modify values on individual pipelines.
Example: Software Product Keys
In such a case, you can leverage Azure Key-Vault integration with pipelines variables.
You can leverage Azure Key-vault in any scenario wheather its with-in pipeline, across pipeline or projects
Azure Key-Vault integration with Azure pipeline/s
Cloud applications and services use cryptographic keys and secrets to help keep information secure. Azure Key Vault safeguards these keys and secrets. When you use Key Vault, you can encrypt authentication keys, storage account keys, data encryption keys, .pfx files, and passwords by using keys that are protected by hardware security modules (HSMs).
In nut-shell, This is MS managed service, which provides machines to secure your key-values, certificates.
Fig3: Azure KeyVault Integration
- Enable CI against all Branches
- VSTS Build and Release Agents
- People, Process, Product - DevOps - Build & Release
- IaC Deployment using VSTS Release and GitRepo
- People, Process, Product - DevOps - 2