DEV Community


Pass Storage Account connection string to Key Vault on release pipeline

meanin profile image Paweł Ruciński ・2 min read


I wrote a few sentences about an Azure Cloud here. Most of the release pipelines change somehow app configuration to align it with a new environment. For a database connection, usually, we inject a connection string into the mentioned configuration. Where do you get from a connection string? From a database, you say. But how to achieve the same, when a database is created on the same release pipeline?

This was a missing part for me, to create a fully operational environment on release pipeline from tasks available on an Azure DevOps. Sure there is ARM template deployment, but I am not a big fan of it.

I decided to create my own task which will take a connection string and pass it to a Key Vault - Safe store for your secrets, keys and certificates.

Install extension

To install this extension, you need an organization on Azure DevOps portal. You can start here. On this portal, you have to have rights to install extensions. Then navigate here.

Configure task


To use this task you have to have a configured Azure Resource Manager connection with a Service Principal. Set a storage account name which connection string you want to pass into a Key Vault. Set a Key Vault name (if it does not exist, it will be created now). Set a Key name. If your Key Vault does not exist yet, you can set a location for it, or it will inherit location from a Resource Group (scoped by a Service Principal). And voila', after task execution is completed, your key is securely stored in a Key Vault.

This is the first published version of this task. I will appreciate all feedback :)


Editor guide