Plan, Design and Manage AzDo variables

Azure DevOps variables play an important role and provide a convenient way to get key bits of data into various parts of the pipelines. In this post, I will talk about how you can plan, design and manage the Azure DevOps variables and leverage this feature more effectively.

Create Variables

There are two ways to create variables.

Predefined variables

In this scenario, you know the key - value (actual or by referring other variables) upfront.

Fig1: Predefined Variables

  • Do not forget to use secrete option if you have something to be considered as Protected.
  • Use $(key) option if you wanted to refer any key as value.
  • Scope of such variables stays across the executions.

Runtime variables

Runtime variables play an important role and provide a dynamic nature to your pipelines.

You can leverage this feature where you need to get the keys, generated as the output of the one task and required as input in other tasks/s.

  • Please note, as these are runtime variables, the scope of such variables is limited to that particular execution.

Example

Write-Host "##vso[task.setvariable variable=sauce]crushed tomatoes"
Write-Host "##vso[task.setvariable variable=secret.Sauce;issecret=true]crushed tomatoes with garlic"

You can also use the Batch or Shell scripts to generate such variables.

Read more about Runtime variables

Understand the scope (pipelines Variables v/s Variable Groups)

Fig2: Variable Scope

With-in pipeline

Stage/ Environment v/s Release

You can define the variable scope either across the release or specific stage/ environment. Please refer to Figure 2

Across pipelines

Scope mention in With-in pipelines section works fine if you have a single Release pipeline. But there are use cases where pipelines designed at the services level. This means you need to have individual pipelines for individual services (depends on the requirements).

For such scenarios, you can leverage the Variable Group feature. Use a variable group to store values that you want to control and make available across multiple pipelines. Variable groups are defined and managed in the Library page under pipelines.

Read more about Variable Groups

Across the Projects

There are use cases, where teams need key-values across the projects and such keys are managed by some different team and you don’t want to give them access to modify pipelines. Even its practically difficult for them to modify values on individual pipelines.

Example: Software Product Keys

In such a case, you can leverage Azure Key-Vault integration with pipelines variables.

You can leverage Azure Key-vault in any scenario wheather its with-in pipeline, across pipeline or projects

Azure Key-Vault integration with Azure pipeline/s

Cloud applications and services use cryptographic keys and secrets to help keep information secure. Azure Key Vault safeguards these keys and secrets. When you use Key Vault, you can encrypt authentication keys, storage account keys, data encryption keys, .pfx files, and passwords by using keys that are protected by hardware security modules (HSMs).

In nut-shell, This is MS managed service, which provides machines to secure your key-values, certificates.

Fig3: Azure KeyVault Integration

Related Posts

About Ajeet Chouksey

A passionate, certified technologist, blogger, author and community contributor with 13+ years of industry experience on delivering continuous value to the client. My specialisms are Azure, Modern Engineering/ DevOps, defining, implementing the technical strategies and solutions.