Menu
I am building an Azure DevOps pipleline using Terraform. The pipeline creates a Linux server and then logs into the Linux server to update packages and install Apache.
I am currently storing the private key in my BitBucket repo (I know, this is not best practice), which are then pulled down onto the build agent server and then I login to the new server with the following command:
ssh -f -q -o BatchMode=yes -o StrictHostKeyChecking=no -i ../private_key.pem ubuntu@$ip sudo apt update -y
What is the best way to store and then retrieve the private key within Azure DevOps?
629
Two options I can think of:
1) Create an ssh service connection in azure DevOps. Reference the service connection in your pipeline. https://medium.com/@sibeeshvenu/ssh-deployment-task-in-azure-pipelines-b0e2923bd7b4
2) Store the SSH key as an Azure Key Vault secret and then download the secret using the Azure CLI during the build.
az keyvault secret download --name mysshkey --vault-name mykeyvault --file ~/.ssh/id_rsa
Authenticate the Azure CLI using a service principal, and supply the credentials to the pipeline using a variable group.
70
I found that Azure DevOps provides you a feature to upload secret files are part of the build. You can see more information here:
https://docs.microsoft.com/en-us/azure/devops/pipelines/library/secure-files?view=azure-devops
25
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
