Skip to main content
Version: 3.25

Azure DevOps Integration

Microsoft Azure Pipelines automatically builds and tests code projects to make them available to others. It works with just about any language or project type. Azure Pipelines combine continuous integration (CI) and continuous delivery (CD) to constantly and consistently test and build your code and ship it to any target.

With the DSM CLI Azure DevOps integration, it is possible to inject secrets on-the-fly during the execution of a pipeline without the need to expose sensitive information through environment variables, or even worrying about secret rotation.

In addition, this integration will intercept all variables in the pipeline so that administrators can identify if there is sensitive information not managed by senhasegura DSM. It also registers all secrets as environment variables transparently for developers.

Azure DevOps Integration Workflow

Deploy DSM CLI on Azure DevOps

To integrate DSM CLI with Azure DevOps, follow these steps:

  1. Access a project in your Azure DevOps account;
  2. Add the executable, the config file and optionally the senhasegura-mapping.json file into the project repository;
  3. Edit your azure-pipelines.yml file in your project folder;
  4. During the desired job of your pipeline, add the code to execute the DSM CLI;
  5. Click in the pipeline Variables settings;
  6. Register the variables necessary for DSM CLI execution as described in the usage guide;
  7. Execute the Azure DevOps pipeline to finish;
Azure DevOps Variables

Example of an azure-pipelines.yaml file using DSM CLI:

azure-pipelines.yaml
# This file is an example to demonstrate the usage of DSM CLI inside a Azure DevOps pipeline
# Make sure to upload the executable and the configuration files to your project
# For more information on its usage, please visit https://docs.senhasegura.io/

trigger:
- main

pool:
default

steps:
- script: |
dsm runb \
--app-name $APPLICATION \
--system $SYSTEM \
--environment $ENVIRONMENT \
--config .config.yml \
--tool-name azure-devops \
rm .runb.vars
displayName: 'DSM CLI Running Belt execution'
env:
APPLICATION: $(APPLICATION)
SYSTEM: $(SYSTEM)
ENVIRONMENT: $(ENVIRONMENT)
Authentication

Make sure you select OAuth 2.0 as Authentication Method on senhasegura DSM since the CLI uses it to fetch secret information.

DSM CLI Usage

For more information on how to use DSM CLI, please check the DSM CLI usage guide.

Use DSM CLI to Inject Secrets in Pipelines

After configuring the CLI in the project follow menu Pipelines ➔ Pipelines to run the pipeline and use the secret data.

  1. Select the pipeline and click on the Run Pipeline button;
  2. On the next step, click on Run;
  3. Then click on the Job Name to display the execution result;
Azure DevOps DSM CLI Integration Output