i am using a release pipeline to create my resources in Azure. I have a DBConnection-string parameter to set on a created/updated KeyVault secret, but i do not like the idea of having it in plain text in my parameter file.
I have created a variable group in Pipelines/Library, and I have added this group to the pipeline variables.
But i cannot seem to reference it in either the BICEP or in the parameters file.
In bicep:
param DBConnection string
In parameters.json:
..
"parameters": {
"DBConnection": {
"value":"I want this to come from pipeline variables"
},
How would I be able to do this?
I have tried stuff like:
"value": "$(DBConnection)"
But this just writes "$(DBConnection)" in the secret
UPDATE: using
-DBConnection "$(DBConnection)"
in Override template parameters did the trick.
NOTE: Spent hours debugging why
-DBConnection $(DBConnection)
didn't work. Turns out any spaces in the values will break it and cause an empty-variable error
The trick is not to put it in the parameters file, but pass the parameter at the point of deployment.
This pattern can also be used to override values in the parameters file.
eg.
az deployment group create -g YourRG -f main.bicep -p params.json -p DBConnection=$(DBConnection)
If you're using the Azure DevOps pipeline task for AzureResourceManagerTemplateDeployment then you'd use overrideParameters.
steps:
- task: AzureResourceManagerTemplateDeployment@3
inputs:
deploymentScope: 'Resource Group'
azureResourceManagerConnection: '$(azureServiceConnection)'
action: 'Create Or Update Resource Group'
resourceGroupName: '$(resourceGroupName)'
location: '$(location)'
templateLocation: 'Linked artifact'
csmFile: '$(templateFile)'
overrideParameters: '-DBConnection $(DBConnection)'
deploymentMode: 'Incremental'
deploymentName: 'DeployPipelineTemplate'