Updating azure-key-vault.md for tutorial to work and formatting.

Open johnmart82 opened this issue 11 months ago • 3 comments

Updates made.

  1. Adding a note to the top of the page to advise readers that they will need to apply for a parallel job as there is not one allocated by default to new Azure DevOps organizations. Currently the tutorial will fail with an error stating that there are no parallel jobs and provide the link. This is not a great reader experience and I found it frustrating when following the tutorial.
  2. Moving the warning about this not following security best practices from the bottom of the tutorial to the top in order to make it more prominent. This will help make sure that the reader understands that they need to do additional reading and planning to use this in a production setting.
  3. Currently the tutorial will not work as the service principal (SP) creation does not actually get used by Azure DevOps because there is nothing telling readers how to use it to set up a service connection once the SP is created. I have updated this flow now so that the reader will be guided through assigning rights to the secrets using an access policy for the service connection created when the key vault helper is used at the start of the pipeline creation process.
  4. I have updated "Save" to "Save and run" which is the option now used on pipeline creation.
  5. Removed the classic tab for new pipeline creation as the option is no longer available on the new pipeline creation workflow in Azure DevOps.
  6. Removed the YAML header in the New Pipeline section as it is no longer needed now that the classic tab has been removed.

Question

The documentation page currently states that Key Vaults which use RBAC are not supported for use with this Key Vault task (Line 191). I have done some testing and if the Key Vault is switched to RBAC and the service connection principal is given the "Key Vault Secrets User" role assignment it will function the same as if the access policy was in use. Can we check with the product team and see if this is still the case or whether the RBAC capability is now supported and the docs just need to catch up? It would be a good addition to have here given the legacy nature of the key vault access policies.

johnmart82 avatar Mar 06 '24 21:03 johnmart82

@johnmart82 : Thanks for your contribution! The author(s) have been notified to review your proposed change.

prmerger-automator[bot] avatar Mar 06 '24 21:03 prmerger-automator[bot]

@ramiMSFT

  • Can you review this PR?
  • IMPORTANT: When this content is ready to merge, you must add #sign-off in a comment or the approval may get overlooked.

#label:"aq-pr-triaged" @MicrosoftDocs/public-repo-pr-review-team

Jak-MS avatar Mar 06 '24 22:03 Jak-MS

@ramiMSFT Any chance that you can re-open this and take a look? Many thanks.

johnmart82 avatar May 13 '24 12:05 johnmart82

Thanks for your contribution. However, this article has recently been reviewed and overhauled to update the setup and authentication process. Please check out the latest version. Classic is still part of the pipeline experience; you just have to switch to the native experience.

ramiMSFT avatar May 24 '24 22:05 ramiMSFT