A demonstration using @cyberark Conjur's Azure DevOps Pipelines integration
- Pipeline is triggered within Azure DevOps Pipelines or via commit trigger.
- The GitHub repository is downloaded into a working environment created on a self-hosted agent pool.
- The
GetSecret
step authenticates to the Conjur service as the provided Host Identity. - The integration then looks within the root directory of the workspace for a secrets.yml file.
- If the secrets.yml file is detected, it is read. This file defines the environment variable key and the secret variable path in Conjur to give as. (e.g.
ENV_VAR: !var path/to/secret/variable
) - The final step
echo
sSECRET1
andSECRET2
to STDOUT whilesed
adds a space between each char to prevent masking for demonstration purposes.