What is Key Vault?

Azure Key Vault is a cloud service that works as a secure secrets store. You can securely store keys, passwords, certificates, and other secrets.

In this example, I am going to create/fetch secrets in Azure key vault secrets using the PowerShell task in the Azure DevOps, so for this, you need to ensure your Agent (it may be self-hosted or default Agent) has access to the Azure Key vault.

Note: Az Module is required for performing the below operations.

STEP: 1 Connect to Azure using Connect-AzAccount

After executing the below cmdlet, you will get the pop for authentication, post successful authentication you will able to execute from the STEP 2

Connect-AzAccount

STEP: 2 Convert the Values to Secure String

Before pushing the secrets in the Azure key vault ensure you are Converts plain text to encrypted strings to secure.

$captcha_value = ConvertTo-SecureString ‘5KjciMedTTTTTJObOOpwysZPFDH-M-TOx1OIuDt6’ -AsPlainText -Force

STEP: 3 Set the Secrets using set-AzKeyVaultSecret

set-AzKeyVaultSecret -VaultName kv-dgtl-dev -Name ‘captcha-secret-key’ -SecretValue $captcha_value

STEP: 4 Get the Secrets using Get-AzKeyVaultSecret

$captcha-secret = Get-AzKeyVaultSecret -VaultName kv-dgtl-dev -Name ‘captcha-secret-key’

To get the value in plain text just use -AsPlainText at the end of the command as shown below

$captcha-secret = Get-AzKeyVaultSecret -VaultName kv-dgtl-dev -Name ‘captcha-secret-key’ -AsPlainText