azure azure-pipelines azure-keyvault azure-webapps

How can I deploy key vaults as environment variables in Azure App Service?



Currently, I'm deploying app service (web app) environment variables from a library in Azure DevOps using ARM templates. Now, I want to deploy Key Vaults as library variables and pass them through ARM templates. Please guide me with template code suggestions. In my YAML file, I used `csmParametersFile` and `overrideParameters` to deploy these settings in my web app.

@lajosarpad Currently, I'm deploying app setting variables using pipeline library values directly from Azure DevOps. In my template code, I mentioned these variables against each app setting variable. In my YAML file, I used two functions: csmParametersFile and overrideParameters.


Solution

  • Based on your requirement to add web app Environment variables with the values from Key Vault secrets during ARM deployment via pipeline, since you have linked a pipeline variable group to the Key Vault where the secrets are stored, you can reference this variable group in a YAML pipeline, so that the pipeline can use those secret names as pipeline variables and it can proceed to override the parameters in the template with the pipeline secret variable values.

    Here are my sample templates and YAML pipeline for your reference.

    JSON/WebApp/WebApp.json from my repo:

    {
        "$schema": "https://schema.management.azure.com/2019-04-01/deploymentTemplate.json#",
        "contentVersion": "1.0.0.0",
        "parameters": {
          "location": {
            "type": "string",
            "metadata": {
              "description": "Location to deploy the resources."
            }
          },
          "webAppName": {
            "type": "string",
            "metadata": {
              "description": "Web app name."
            }
          },
         
          "auth0-ClientId": {
            "type": "string",
            "metadata": {
              "description": "Auth0 Client ID for the application."
            }
          },
          "auth0-ClientSecret": {
            "type": "secureString",
            "metadata": {
              "description": "Auth0 Client Secret for the application."
            }
          }
        },
        "variables": {
          "appServicePlanName": "asp-azwebapp-linux"
        },
        "resources": [
          {
            "type": "Microsoft.Web/serverfarms",
            "apiVersion": "2021-02-01",
            "name": "[variables('appServicePlanName')]",
            "location": "[parameters('location')]",
            "properties": {
              "name": "[variables('appServicePlanName')]"
            },
            "sku": {
                "Tier": "Free",
                "Name": "F1"
            }
          },
          {
            "type": "Microsoft.Web/sites",
            "apiVersion": "2021-02-01",
            "name": "[parameters('webAppName')]",
            "location": "[parameters('location')]",
            "properties": {
              "serverFarmId": "[resourceId('Microsoft.Web/serverfarms', variables('appServicePlanName'))]"
            },
            "resources": [],
            "dependsOn": [
              "[resourceId('Microsoft.Web/serverfarms', variables('appServicePlanName'))]"
            ]
          },
          {
            "type": "Microsoft.Web/sites/config",
            "apiVersion": "2021-02-01",
            "name": "[concat(parameters('webAppName'), '/appsettings')]",
            "properties": {
              "auth0-ClientId": "[parameters('auth0-ClientId')]",
              "auth0-ClientSecret": "[parameters('auth0-ClientSecret')]"
            },
            "dependsOn": [
              "[resourceId('Microsoft.Web/sites', parameters('webAppName'))]"
            ]
          }
        ]
      }
     
    

    JSON/WebApp/WebApp.para.json from my repo (auth0-ClientSecret has no predefined value):

    {
        "$schema": "https://schema.management.azure.com/2019-04-01/deploymentParameters.json#",
        "contentVersion": "1.0.0.0",
        "parameters": {
          "location": {
            "value": "Southeast Asia"
          },
          "webAppName": {
            "value": "xxxmywebappxxx"
          },
          "auth0-ClientId": {
            "value": "xxxx-xxxx"
          },
          "auth0-ClientSecret": {
            "value": ""
          }
        }
    }
    

    armDeployment.yml

    variables:
    - group: VG-WebApp # The pipeline library linked to Key Vault where the secret variable values are stored
    
    steps:
    - task: AzureResourceManagerTemplateDeployment@3
      inputs:
        deploymentScope: 'Resource Group'
        azureResourceManagerConnection: 'ARMSvcCnnWIFSubxxx'
        subscriptionId: 'xxxx'
        action: 'Create Or Update Resource Group'
        resourceGroupName: 'rg-azwebapp-linux'
        location: 'Southeast Asia'
        templateLocation: 'Linked artifact'
        csmFile: '$(System.DefaultWorkingDirectory)/JSON/WebApp/WebApp.json'
        csmParametersFile: '$(System.DefaultWorkingDirectory)/JSON/WebApp/WebApp.para.json'
        overrideParameters: >
          -webAppName "azwebapp-xxxxxx-$(Build.BuildId)"
          -auth0-ClientId "yyyy-yyyy"
          -auth0-ClientSecret "$(auth0-ClientSecret)"
        deploymentMode: 'Incremental'
    

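An added example, not part of the original answer: a pre-deployment check in Python for the pattern the answer relies on, where the secret parameter is typed `secureString`, the parameter file carries no value for it, and the app setting is fed from that parameter. The `SECRET_HINTS` name heuristic, the function names and the sample inputs are assumptions constructed for illustration.

```python
import re

SECRET_HINTS = ("secret", "password", "token")  # assumed naming heuristic
SECURE_TYPES = ("securestring", "secureobject")
PARAM_REF = re.compile(r"\[parameters\('([^']+)'\)\]")

def looks_secret(name):
    return any(hint in name.lower() for hint in SECRET_HINTS)

def audit(template, params_file):
    """Return findings on secret handling in an ARM template and its parameter file."""
    findings = []
    declared = template.get("parameters", {})
    supplied = params_file.get("parameters", {})
    secure = {n for n, s in declared.items() if s.get("type", "").lower() in SECURE_TYPES}
    for name, spec in declared.items():
        sensitive = name in secure or looks_secret(name)
        if sensitive and name not in secure:
            findings.append(f"{name}: secret-looking parameter is typed {spec.get('type')}")
        if sensitive and spec.get("defaultValue"):
            findings.append(f"{name}: defaultValue set in the template")
        if sensitive and supplied.get(name, {}).get("value"):
            findings.append(f"{name}: value committed in the parameter file")
    for res in template.get("resources", []):
        if res.get("type", "").lower() != "microsoft.web/sites/config":
            continue
        for setting, value in res.get("properties", {}).items():
            ref = PARAM_REF.fullmatch(str(value))
            if looks_secret(setting) and ref is None:
                findings.append(f"app setting {setting}: literal value in the template")
            elif looks_secret(setting) and ref.group(1) not in secure:
                findings.append(f"app setting {setting}: fed by non-secure parameter")
    return findings

# Constructed inputs, trimmed from the answer's WebApp.json / WebApp.para.json.
def sample_template(secret_type):
    settings = {"auth0-ClientId": "[parameters('auth0-ClientId')]",
                "auth0-ClientSecret": "[parameters('auth0-ClientSecret')]"}
    return {"parameters": {"auth0-ClientId": {"type": "string"},
                           "auth0-ClientSecret": {"type": secret_type}},
            "resources": [{"type": "Microsoft.Web/sites/config", "properties": settings}]}

GOOD = audit(sample_template("secureString"),
             {"parameters": {"auth0-ClientSecret": {"value": ""}}})
BAD = audit(sample_template("string"),
            {"parameters": {"auth0-ClientSecret": {"value": "constructed-value"}}})

if __name__ == "__main__":
    print("answer's files:", GOOD, "| weakened variant:", BAD)
```

`secureString` keeps the value out of the deployment history and logs; once written, the app setting itself is still readable by anyone who can view the web app's configuration.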