How to automate Azure Data Factory (ADF) credential updates from development to production using Azure DevOps?
I'm working with Azure Data Factory (ADF) and need to automate the promotion of credentials (e.g., Linked Service connection strings, secrets) from the development environment to production using Azure DevOps. I want to create a release pipeline that:
- Updates credentials automatically in the ADF linked services.
- Uses Azure Key Vault to manage sensitive information (like passwords or connection strings).
- Promotes credentials from development to production securely without hardcoding them in the pipeline.
What is the best way to achieve this using ARM templates and Azure DevOps? I would also like to understand how to override Key Vault secrets between environments during deployment.
Any guidance or step-by-step examples on how to set up this release pipeline would be appreciated!
What I've tried so far:
I have this setup in DevOps to deploy pipelines.
Not sure about your specific configuration of ADF, here is an example for deploying from one env to another.
Config git for your DEV ADF to use Azure repo. See the details from Connect to a Git repository.
Store sensitive information in Azure Key Vault.
Create a release pipeline in Azure DevOps.
For artifact:
- Source type: Azure Repo
- Default branch: adf_publish
For stages:
Add two stages, one for Dev and another for Prod.
For tasks:
Use Azure Key Vault task to download secrets inside it.
Azure subscription: An ARM service connection to access your Azure Key Vault.
Key vault: Select the Key Vault storing the sensitive information for your current env.
Use ARM template deployment task to deploy your ADF.
Fill in the parameters above Template based on your actual conditions.
Template: Use the Browser Template button to select the template from the artifact. For example,
ARMTemplateForFactory.json.Template parameters: Select your template parameter,
ARMTemplateParametersForFactory.json.
Override template parameters: Click the three-dot button after "Override template parameters" to override parameters.
- You can reference secrets in Azure Key Vault directly in your pipeline using the format
$(SecretName), for example,-AzureSqlDatabase1_password $(DB-Secret-Prod)in the screenshot below. - For different env, use different secrets/keyVaults.
- If you already linked Azure Key Vault to store sensitive information in ADF, you should parameterize the key vault name and override the key vault here instead of the secrets inside it. Learn about parameters from Parameters in ARM templates.
- You can reference secrets in Azure Key Vault directly in your pipeline using the format
The above example may not be 100% applicable to you, but the idea of integrating with Azure Key Vault and deploying ADF to different environments is the same. For any credential in the template, parameterize and override it.
- Cannot add data to a ComplexField using Python SDK for Azure AI Search
- letsencrypt cert request failing for AKS ingress
- Playwright Test execution on Azure Windows machine fails in pipeline with error as No test found, It works perfectly with same command
- How to Combining PowerShell Output from multiple server to Single csv
- How can I find all Azure app registrations with API permissions to a specific app registration?
- Azure Deployment Groups vs Agent Pools
- I cannot extract .sql CREATE TABLEs for each table in my Azure SQL Database in my Azure Repo
- Can not read blobs through BlobContainerClient for blobs with empty folder prefixes
- Are task logs deleted when the node is deleted due to autoscaling in Azure Batch service?
- Azure Function Blob Storage Monitor
- I want to fetch Azure SQL table data from ADF to use as input in copy activity
- How to access code of my Azure website?
- Run JMeter script in AzureDevOps - Bearer Access Token generation
- Azure Function - HTTP trigger request length exceeded
- How and where to define an environment variable on Azure
- Stream Analytics doesn't output the data to SQL but does to a blob storage
- While Hierarchical namespace enabled cannot upload blob with metadata hdi_isfolder
- Cannot log in to Visual Studio Account in VS 2022
- SchemaColumnConvertNotSupportedException: column: [Col_Name], physicalType: INT64, logicalType: string
- create Azure Keyvault secret without exposing values
- Can you create 'User Flows' in Azure with a pay-as-you-go account
- Deploy ARM template at management group scope with Azure DevOps Pipeline
- How to make an azure function that deploys my bicep script from Azure Storage Account
- Basic SQL commands in Terraform
- Can we Deploy Web Application in Azure OpenAI of Production Level
- Get-MgGroupMember by display name instead of userID
- Azure DevOps REST API parent relation link to existing work item error
- What should be put to 'repoOwners' in Managed Identity Federated Credentials policy?
- How to get list of users from CSV file whose LastSignInDate column has a date that is before 90 days from current date or is empty?
- Langchain cannot connect with Azure SQL Database