MicrosoftDocs / azure-devops-docs

This repo is the home of the official Azure DevOps documentation for Microsoft. GitHub Issues filed in this repository should be for problems with the documentation.
https://docs.microsoft.com/azure/devops/
Creative Commons Attribution 4.0 International

Updating azure-key-vault.md for tutorial to work and formatting. #14042

Closed johnmart82 closed 5 days ago

johnmart82 commented 2 months ago

Updates made.

  1. Adding a note to the top of the page to advise readers that they will need to apply for a parallel job as there is not one allocated by default to new Azure DevOps organizations. Currently the tutorial will fail with an error stating that there are no parallel jobs and provide the link. This is not a great reader experience and I found it frustrating when following the tutorial.
  2. Moving the warning about this not following security best practices from the bottom of the tutorial to the top in order to make it more prominent. This will help make sure that the reader understands that they need to do additional reading and planning to use this in a production setting.
  3. Currently the tutorial will not work as the service principal (SP) creation does not actually get used by Azure DevOps because there is nothing telling readers how to use it to set up a service connection once the SP is created. I have updated this flow now so that the reader will be guided through assigning rights to the secrets using an access policy for the service connection created when the key vault helper is used at the start of the pipeline creation process.
  4. I have updated "Save" to "Save and run" which is the option now used on pipeline creation.
  5. Removed the classic tab for new pipeline creation as the option is no longer available on the new pipeline creation workflow in Azure DevOps.
  6. Removed the YAML header in the New Pipeline section as it is no longer needed now that the classic tab has been removed.

Question

The documentation page currently states that Key Vaults which use RBAC are not supported for use with this Key Vault task (Line 191). I have done some testing and if the Key Vault is switched to RBAC and the service connection principal is given the "Key Vault Secrets User" role assignment it will function the same as if the access policy was in use. Can we check with the product team and see if this is still the case or whether the RBAC capability is now supported and the docs just need to catch up? It would be a good addition to have here given the legacy nature of the key vault access policies.

prmerger-automator[bot] commented 2 months ago

@johnmart82 : Thanks for your contribution! The author(s) have been notified to review your proposed change.

Jak-MS commented 2 months ago

@ramiMSFT

label:"aq-pr-triaged"

@MicrosoftDocs/public-repo-pr-review-team

johnmart82 commented 5 days ago

@ramiMSFT Any chance that you can re-open this and take a look? Many thanks.