I'm working with Azure Data Factory (ADF) and need to automate the promotion of credentials (e.g., Linked Service connection strings, secrets) from the development environment to production using Azure DevOps. I want to create a release pipeline that:
What is the best way to achieve this using ARM templates and Azure DevOps? I would also like to understand how to override Key Vault secrets between environments during deployment.
Any guidance or step-by-step examples on how to set up this release pipeline would be appreciated!
What I've tried so far:
Not sure about your specific configuration of ADF, here is an example for deploying from one env to another.
Config git for your DEV ADF to use Azure repo. See the details from Connect to a Git repository.
Store sensitive information in Azure Key Vault.
Create a release pipeline in Azure DevOps.
For artifact:
For stages:
Add two stages, one for Dev and another for Prod.
For tasks:
Use Azure Key Vault task to download secrets inside it.
Azure subscription: An ARM service connection to access your Azure Key Vault.
Key vault: Select the Key Vault storing the sensitive information for your current env.
Use ARM template deployment task to deploy your ADF.
Fill in the parameters above Template based on your actual conditions.
Template: Use the Browser Template button to select the template from the artifact. For example, ARMTemplateForFactory.json
.
Template parameters: Select your template parameter, ARMTemplateParametersForFactory.json
.
Override template parameters: Click the three-dot button after "Override template parameters" to override parameters.
$(SecretName)
, for example, -AzureSqlDatabase1_password $(DB-Secret-Prod)
in the screenshot below.The above example may not be 100% applicable to you, but the idea of integrating with Azure Key Vault and deploying ADF to different environments is the same. For any credential in the template, parameterize and override it.