This repository contains automation scripts for rotating secrets in Azure Key Vault (AKV) using Azure Pipelines. The project is structured with two YAML files: azure-pipeline.yaml and secret-rotation-template.yaml.
- azure-pipeline.yaml: Defines the main pipeline, specifying different stages for secret rotation based on the targeted environment (Development, QA, Stage, Production).
- secret-rotation-template.yaml: Contains the template for the secret rotation process, including the actual steps for updating secrets in AKV.
The azure-pipeline.yaml file sets up a pipeline with different stages for secret rotation, based on the selected environment. It includes parameters for specifying the environment and uses a template for the actual rotation process.
- targetedStage: The environment where the secrets will be rotated. Options include:
  - Development
  - QA
  - Stage
  - Production
Depending on the selected environment, the pipeline triggers different stages:
- Development
- QA
- Stage
- Production
Each stage uses the secret-rotation-template.yaml to perform the secret rotation.
The secret-rotation-template.yaml template defines the steps required to rotate secrets in AKV. It includes parameters for various configurations and stages to perform the rotation and retrieve secret names.
- libraryVariables: List of variables to be rotated in AKV.
- variableGroup: The variable group to be pushed to AKV.
- stageName: Name of the stage.
- stageDisplayName: Display name of the stage.
- vaultName: Name of the Azure Key Vault.
- serviceConnectionName: Name of the service connection for AKV.
- adoEnvironment: The Azure DevOps environment.
- Approval Gate: An approval step before proceeding with the secret rotation.
- rotateSecrets: The job that performs the actual secret rotation.
- getSecretNames: Retrieves the names of the secrets in the specified AKV.
- Clone the Repository: Clone this repository to your local machine.
- Configure the Pipeline: Update the azure-pipeline.yaml file with the appropriate values for your environment.
- Run the Pipeline: Trigger the pipeline from your Azure DevOps project.
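A sketch of how azure-pipeline.yaml could select a stage from targetedStage and pass the template parameters listed above. This is an added example, not the repository's actual file; the stage names, parameter types, and every vault, service connection, variable group, environment and secret name are placeholders or assumptions.

```yaml
# Illustrative sketch only; NOT the repository's azure-pipeline.yaml.
# All names below (kv-example-*, sc-example-*, vg-example-*, secret names)
# are placeholders to replace with your own values.
trigger: none   # assumption: rotation is started manually, never on push

parameters:
  - name: targetedStage
    displayName: Environment to rotate secrets in
    type: string
    default: Development
    values:
      - Development
      - QA
      - Stage
      - Production

stages:
  # Template expressions are evaluated at compile time, so only the stage
  # for the selected environment is included in the run.
  - ${{ if eq(parameters.targetedStage, 'Development') }}:
      - template: secret-rotation-template.yaml
        parameters:
          stageName: rotateDevelopment
          stageDisplayName: Rotate secrets (Development)
          vaultName: kv-example-dev
          # Assumption: one service connection per environment, scoped to
          # that environment's vault only, so a Development run cannot
          # write to the Production vault.
          serviceConnectionName: sc-example-akv-dev
          variableGroup: vg-example-dev
          adoEnvironment: example-development
          libraryVariables:
            - exampleDbPassword
            - exampleApiKey

  - ${{ if eq(parameters.targetedStage, 'Production') }}:
      - template: secret-rotation-template.yaml
        parameters:
          stageName: rotateProduction
          stageDisplayName: Rotate secrets (Production)
          vaultName: kv-example-prod
          serviceConnectionName: sc-example-akv-prod
          variableGroup: vg-example-prod
          adoEnvironment: example-production
          libraryVariables:
            - exampleDbPassword
            - exampleApiKey
  # QA and Stage follow the same pattern with their own values.
```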
Contributions are welcome! Please fork the repository and create a pull request with your changes.