I wrote a few sentences about an Azure Cloud here. Most of the release pipelines change somehow app configuration to align it with a new environment. For a database connection, usually, we inject a connection string into the mentioned configuration. Where do you get from a connection string? From a database, you say. But how to achieve the same, when a database is created on the same release pipeline?
This was a missing part for me, to create a fully operational environment on release pipeline from tasks available on an Azure DevOps. Sure there is ARM template deployment, but I am not a big fan of it.
I decided to create my own task which will take a connection string and pass it to a Key Vault - Safe store for your secrets, keys and certificates.
To use this task you have to have a configured Azure Resource Manager connection with a Service Principal. Set a storage account name which connection string you want to pass into a Key Vault. Set a Key Vault name (if it does not exist, it will be created now). Set a Key name. If your Key Vault does not exist yet, you can set a location for it, or it will inherit location from a Resource Group (scoped by a Service Principal). And voila', after task execution is completed, your key is securely stored in a Key Vault.
This is the first published version of this task. I will appreciate all feedback :)