Azure devops terraform pipeline generate client id and secretHow to implement automated login without user interaction into azure portal from VSTS using azure CLI & power shell scriptAzure Vnet Peering across subscriptions using TerraformCannot acces keyvault secrets through service endpoint in a VSTS releaseAzure DevOps unable to deploy to Azure Web AppAzure devops powershell gives different result than local powershell on the same queryProper way to set up a release pipeline in Azure Devops for Python based Azure FunctionAzure secret download issue on linux using az keyvaultaz login fails wih Azure DevOps PipelinesUpdate Docker tag using Docker task on Azure DevOps pipelineConnecting DevOps VSTS to Azure different organization
If a person claims to know anything could it be disproven by saying 'prove that we are not in a simulation'?
Is there a word for returning to unpreparedness?
Do I have to cite common CS algorithms?
What are the advantages of this gold finger shape?
Sum Square Difference, which way is more Pythonic?
The more + the + comparative degree
What would cause a nuclear power plant to break down after 2000 years, but not sooner?
The oceans and the moon
Why aren't rainbows blurred-out into nothing after they are produced?
Unconventional examples of mathematical modelling
Why do so many people play out of turn on the last lead?
Word for an event that will likely never happen again
Why does Japan use the same type of AC power outlet as the US?
"Mouth-breathing" as slang for stupidity
Is it OK to draw different current from L1 and L2 on NEMA 14-50?
Can the average speed of a moving body be 0?
Who is the controller of a Pacifism enchanting my creature?
Number in overlapping range
What is the most difficult concept to grasp in Calculus 1?
What if a restaurant suddenly cannot accept credit cards, and the customer has no cash?
How can I find an old paper when the usual methods fail?
A man in the desert is bitten by a skeletal animal, its skull gets stuck on his arm
What would it take to get a message to another star?
What is the opposite of "hunger level"?
Azure devops terraform pipeline generate client id and secret
How to implement automated login without user interaction into azure portal from VSTS using azure CLI & power shell scriptAzure Vnet Peering across subscriptions using TerraformCannot acces keyvault secrets through service endpoint in a VSTS releaseAzure DevOps unable to deploy to Azure Web AppAzure devops powershell gives different result than local powershell on the same queryProper way to set up a release pipeline in Azure Devops for Python based Azure FunctionAzure secret download issue on linux using az keyvaultaz login fails wih Azure DevOps PipelinesUpdate Docker tag using Docker task on Azure DevOps pipelineConnecting DevOps VSTS to Azure different organization
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;
I am using this terraform manifest to deploy AKS on Azure. I can do this via the commandline fine and it works, as I have azure cli configured on my machine to generate client id and secret
https://github.com/anubhavmishra/terraform-azurerm-aks
However, I am now building this on Azure Devops Pipeline
So, far i have managed to run terraform init and plan with backend storage on Azure, using Azure Devops using this extension
https://marketplace.visualstudio.com/items?itemName=charleszipp.azure-pipelines-tasks-terraform
Question: How do i get client id and secret on the Azure devops pipeline and set that as an environment variable for terraform? I tried creating a bash az command in the pipeline
> az ad sp create-for-rbac --role="Contributor"
> --scopes="/subscriptions/YOUR_SUBSCRIPTION_ID"
but failed with this error
> 2019-03-27T10:41:58.1042923Z
2019-03-27T10:41:58.1055624Z Setting AZURE_CONFIG_DIR env variable to: /home/vsts/work/_temp/.azclitask
2019-03-27T10:41:58.1060006Z Setting active cloud to: AzureCloud
2019-03-27T10:41:58.1069887Z [command]/usr/bin/az cloud set -n AzureCloud
2019-03-27T10:41:58.9004429Z [command]/usr/bin/az login --service-principal -u *** -p *** --tenant ***
2019-03-27T10:42:00.0695154Z [
2019-03-27T10:42:00.0696915Z
2019-03-27T10:42:00.0697522Z "cloudName": "AzureCloud",
2019-03-27T10:42:00.0698958Z "id": "88bfee03-551c-4ed3-98b0-be68aee330bb",
2019-03-27T10:42:00.0704752Z "isDefault": true,
2019-03-27T10:42:00.0705381Z "name": "Visual Studio Enterprise",
2019-03-27T10:42:00.0706362Z "state": "Enabled",
2019-03-27T10:42:00.0707434Z "tenantId": "***",
2019-03-27T10:42:00.0716107Z "user":
2019-03-27T10:42:00.0717485Z "name": "***",
2019-03-27T10:42:00.0718161Z "type": "servicePrincipal"
2019-03-27T10:42:00.0718675Z
2019-03-27T10:42:00.0719185Z
2019-03-27T10:42:00.0719831Z ]
2019-03-27T10:42:00.0728173Z [command]/usr/bin/az account set --subscription 88bfee03-551c-4ed3-98b0-be68aee330bb
2019-03-27T10:42:00.8569816Z [command]/bin/bash /home/vsts/work/_temp/azureclitaskscript1553683312219.sh
2019-03-27T10:42:02.4431342Z ERROR: Directory permission is needed for the current user to register the application. For how to configure, please refer 'https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal'. Original error: Insufficient privileges to complete the operation.
2019-03-27T10:42:02.5271752Z [command]/usr/bin/az account clear
2019-03-27T10:42:03.3092558Z ##[error]Script failed with error: Error: /bin/bash failed with return code: 1
2019-03-27T10:42:03.3108490Z ##[section]Finishing: Azure CLI
bash azure terraform az
asked Mar 27 at 11:38
krisdigitxkrisdigitx
2,94615 gold badges47 silver badges82 bronze badges
add a comment |
I am using this terraform manifest to deploy AKS on Azure. I can do this via the commandline fine and it works, as I have azure cli configured on my machine to generate client id and secret
https://github.com/anubhavmishra/terraform-azurerm-aks
However, I am now building this on Azure Devops Pipeline
So, far i have managed to run terraform init and plan with backend storage on Azure, using Azure Devops using this extension
https://marketplace.visualstudio.com/items?itemName=charleszipp.azure-pipelines-tasks-terraform
Question: How do i get client id and secret on the Azure devops pipeline and set that as an environment variable for terraform? I tried creating a bash az command in the pipeline
> az ad sp create-for-rbac --role="Contributor"
> --scopes="/subscriptions/YOUR_SUBSCRIPTION_ID"
but failed with this error
> 2019-03-27T10:41:58.1042923Z
2019-03-27T10:41:58.1055624Z Setting AZURE_CONFIG_DIR env variable to: /home/vsts/work/_temp/.azclitask
2019-03-27T10:41:58.1060006Z Setting active cloud to: AzureCloud
2019-03-27T10:41:58.1069887Z [command]/usr/bin/az cloud set -n AzureCloud
2019-03-27T10:41:58.9004429Z [command]/usr/bin/az login --service-principal -u *** -p *** --tenant ***
2019-03-27T10:42:00.0695154Z [
2019-03-27T10:42:00.0696915Z
2019-03-27T10:42:00.0697522Z "cloudName": "AzureCloud",
2019-03-27T10:42:00.0698958Z "id": "88bfee03-551c-4ed3-98b0-be68aee330bb",
2019-03-27T10:42:00.0704752Z "isDefault": true,
2019-03-27T10:42:00.0705381Z "name": "Visual Studio Enterprise",
2019-03-27T10:42:00.0706362Z "state": "Enabled",
2019-03-27T10:42:00.0707434Z "tenantId": "***",
2019-03-27T10:42:00.0716107Z "user":
2019-03-27T10:42:00.0717485Z "name": "***",
2019-03-27T10:42:00.0718161Z "type": "servicePrincipal"
2019-03-27T10:42:00.0718675Z
2019-03-27T10:42:00.0719185Z
2019-03-27T10:42:00.0719831Z ]
2019-03-27T10:42:00.0728173Z [command]/usr/bin/az account set --subscription 88bfee03-551c-4ed3-98b0-be68aee330bb
2019-03-27T10:42:00.8569816Z [command]/bin/bash /home/vsts/work/_temp/azureclitaskscript1553683312219.sh
2019-03-27T10:42:02.4431342Z ERROR: Directory permission is needed for the current user to register the application. For how to configure, please refer 'https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal'. Original error: Insufficient privileges to complete the operation.
2019-03-27T10:42:02.5271752Z [command]/usr/bin/az account clear
2019-03-27T10:42:03.3092558Z ##[error]Script failed with error: Error: /bin/bash failed with return code: 1
2019-03-27T10:42:03.3108490Z ##[section]Finishing: Azure CLI
bash azure terraform az
asked Mar 27 at 11:38
krisdigitxkrisdigitx
2,94615 gold badges47 silver badges82 bronze badges
add a comment |
I am using this terraform manifest to deploy AKS on Azure. I can do this via the commandline fine and it works, as I have azure cli configured on my machine to generate client id and secret
https://github.com/anubhavmishra/terraform-azurerm-aks
However, I am now building this on Azure Devops Pipeline
So, far i have managed to run terraform init and plan with backend storage on Azure, using Azure Devops using this extension
https://marketplace.visualstudio.com/items?itemName=charleszipp.azure-pipelines-tasks-terraform
Question: How do i get client id and secret on the Azure devops pipeline and set that as an environment variable for terraform? I tried creating a bash az command in the pipeline
> az ad sp create-for-rbac --role="Contributor"
> --scopes="/subscriptions/YOUR_SUBSCRIPTION_ID"
but failed with this error
> 2019-03-27T10:41:58.1042923Z
2019-03-27T10:41:58.1055624Z Setting AZURE_CONFIG_DIR env variable to: /home/vsts/work/_temp/.azclitask
2019-03-27T10:41:58.1060006Z Setting active cloud to: AzureCloud
2019-03-27T10:41:58.1069887Z [command]/usr/bin/az cloud set -n AzureCloud
2019-03-27T10:41:58.9004429Z [command]/usr/bin/az login --service-principal -u *** -p *** --tenant ***
2019-03-27T10:42:00.0695154Z [
2019-03-27T10:42:00.0696915Z
2019-03-27T10:42:00.0697522Z "cloudName": "AzureCloud",
2019-03-27T10:42:00.0698958Z "id": "88bfee03-551c-4ed3-98b0-be68aee330bb",
2019-03-27T10:42:00.0704752Z "isDefault": true,
2019-03-27T10:42:00.0705381Z "name": "Visual Studio Enterprise",
2019-03-27T10:42:00.0706362Z "state": "Enabled",
2019-03-27T10:42:00.0707434Z "tenantId": "***",
2019-03-27T10:42:00.0716107Z "user":
2019-03-27T10:42:00.0717485Z "name": "***",
2019-03-27T10:42:00.0718161Z "type": "servicePrincipal"
2019-03-27T10:42:00.0718675Z
2019-03-27T10:42:00.0719185Z
2019-03-27T10:42:00.0719831Z ]
2019-03-27T10:42:00.0728173Z [command]/usr/bin/az account set --subscription 88bfee03-551c-4ed3-98b0-be68aee330bb
2019-03-27T10:42:00.8569816Z [command]/bin/bash /home/vsts/work/_temp/azureclitaskscript1553683312219.sh
2019-03-27T10:42:02.4431342Z ERROR: Directory permission is needed for the current user to register the application. For how to configure, please refer 'https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal'. Original error: Insufficient privileges to complete the operation.
2019-03-27T10:42:02.5271752Z [command]/usr/bin/az account clear
2019-03-27T10:42:03.3092558Z ##[error]Script failed with error: Error: /bin/bash failed with return code: 1
2019-03-27T10:42:03.3108490Z ##[section]Finishing: Azure CLI
bash azure terraform az
asked Mar 27 at 11:38
krisdigitxkrisdigitx
2,94615 gold badges47 silver badges82 bronze badges
I am using this terraform manifest to deploy AKS on Azure. I can do this via the commandline fine and it works, as I have azure cli configured on my machine to generate client id and secret
https://github.com/anubhavmishra/terraform-azurerm-aks
However, I am now building this on Azure Devops Pipeline
So, far i have managed to run terraform init and plan with backend storage on Azure, using Azure Devops using this extension
https://marketplace.visualstudio.com/items?itemName=charleszipp.azure-pipelines-tasks-terraform
Question: How do i get client id and secret on the Azure devops pipeline and set that as an environment variable for terraform? I tried creating a bash az command in the pipeline
> az ad sp create-for-rbac --role="Contributor"
> --scopes="/subscriptions/YOUR_SUBSCRIPTION_ID"
but failed with this error
> 2019-03-27T10:41:58.1042923Z
2019-03-27T10:41:58.1055624Z Setting AZURE_CONFIG_DIR env variable to: /home/vsts/work/_temp/.azclitask
2019-03-27T10:41:58.1060006Z Setting active cloud to: AzureCloud
2019-03-27T10:41:58.1069887Z [command]/usr/bin/az cloud set -n AzureCloud
2019-03-27T10:41:58.9004429Z [command]/usr/bin/az login --service-principal -u *** -p *** --tenant ***
2019-03-27T10:42:00.0695154Z [
2019-03-27T10:42:00.0696915Z
2019-03-27T10:42:00.0697522Z "cloudName": "AzureCloud",
2019-03-27T10:42:00.0698958Z "id": "88bfee03-551c-4ed3-98b0-be68aee330bb",
2019-03-27T10:42:00.0704752Z "isDefault": true,
2019-03-27T10:42:00.0705381Z "name": "Visual Studio Enterprise",
2019-03-27T10:42:00.0706362Z "state": "Enabled",
2019-03-27T10:42:00.0707434Z "tenantId": "***",
2019-03-27T10:42:00.0716107Z "user":
2019-03-27T10:42:00.0717485Z "name": "***",
2019-03-27T10:42:00.0718161Z "type": "servicePrincipal"
2019-03-27T10:42:00.0718675Z
2019-03-27T10:42:00.0719185Z
2019-03-27T10:42:00.0719831Z ]
2019-03-27T10:42:00.0728173Z [command]/usr/bin/az account set --subscription 88bfee03-551c-4ed3-98b0-be68aee330bb
2019-03-27T10:42:00.8569816Z [command]/bin/bash /home/vsts/work/_temp/azureclitaskscript1553683312219.sh
2019-03-27T10:42:02.4431342Z ERROR: Directory permission is needed for the current user to register the application. For how to configure, please refer 'https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal'. Original error: Insufficient privileges to complete the operation.
2019-03-27T10:42:02.5271752Z [command]/usr/bin/az account clear
2019-03-27T10:42:03.3092558Z ##[error]Script failed with error: Error: /bin/bash failed with return code: 1
2019-03-27T10:42:03.3108490Z ##[section]Finishing: Azure CLI
bash azure terraform az
bash azure terraform az
asked Mar 27 at 11:38
krisdigitxkrisdigitx
2,94615 gold badges47 silver badges82 bronze badges
asked Mar 27 at 11:38
krisdigitxkrisdigitx
2,94615 gold badges47 silver badges82 bronze badges
asked Mar 27 at 11:38
krisdigitxkrisdigitx
2,94615 gold badges47 silver badges82 bronze badges
asked Mar 27 at 11:38
krisdigitxkrisdigitx
2,94615 gold badges47 silver badges82 bronze badges
asked Mar 27 at 11:38
krisdigitxkrisdigitx
2,94615 gold badges47 silver badges82 bronze badges
2,94615 gold badges47 silver badges82 bronze badges
add a comment |
add a comment |
2 Answers
2
active
oldest
votes
you just need to grant your service connections rights to create service principals. but I'd generally advise against that, just precreate a service principal and use it in your pipeline. creating a new service principal on each run seems excessive.
you can use buildrelease variables and populate those with client idsecret
answered Mar 27 at 11:43
4c74356b414c74356b41
39.3k5 gold badges29 silver badges62 bronze badges
so i create service principal on Azure and then attach to the pipeline, do i need to populate the client id and secret everytime i need to run the pipeline?
– krisdigitx
Mar 27 at 11:50
no, just put them into buildrelease variables and reference those in your script. docs.microsoft.com/en-us/azure/devops/pipelines/process/…
– 4c74356b41
Mar 27 at 11:52
is there a security risk?
– krisdigitx
Mar 27 at 11:56
probably less than generating new service principal every run
– 4c74356b41
Mar 27 at 11:57
i have added the variables on the release pipeline, however they are not available to the terraform plan task, so i need to do anything else, basically i want them as bash environment variable when terraform is run
– krisdigitx
Mar 27 at 12:21
|
show 8 more comments
Here is how I do it with Azure Pipelines.
- Create a Service Principal for Terraform.
- Create the following variables in your pipeline
- ARM_CLIENT_ID
- ARM_CLIENT_SECRET
- ARM_SUBSCRIPTION_ID
- ARM_TENANT_ID
If you choose to store ARM_CLIENT_SECRET as a secret in Azure DevOps you will need to do the following in your task under the Environment Variables sections of the task to get it decrypted so terraform can read it.
answered Mar 27 at 16:07
JamieJamie
1,3239 silver badges22 bronze badges
add a comment |
Your Answer
StackExchange.ifUsing("editor", function ()
StackExchange.using("externalEditor", function ()
StackExchange.using("snippets", function ()
StackExchange.snippets.init();
);
);
, "code-snippets");
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "1"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f55376295%2fazure-devops-terraform-pipeline-generate-client-id-and-secret%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
you just need to grant your service connections rights to create service principals. but I'd generally advise against that, just precreate a service principal and use it in your pipeline. creating a new service principal on each run seems excessive.
you can use buildrelease variables and populate those with client idsecret
answered Mar 27 at 11:43
4c74356b414c74356b41
39.3k5 gold badges29 silver badges62 bronze badges
so i create service principal on Azure and then attach to the pipeline, do i need to populate the client id and secret everytime i need to run the pipeline?
– krisdigitx
Mar 27 at 11:50
no, just put them into buildrelease variables and reference those in your script. docs.microsoft.com/en-us/azure/devops/pipelines/process/…
– 4c74356b41
Mar 27 at 11:52
is there a security risk?
– krisdigitx
Mar 27 at 11:56
probably less than generating new service principal every run
– 4c74356b41
Mar 27 at 11:57
i have added the variables on the release pipeline, however they are not available to the terraform plan task, so i need to do anything else, basically i want them as bash environment variable when terraform is run
– krisdigitx
Mar 27 at 12:21
|
show 8 more comments
you just need to grant your service connections rights to create service principals. but I'd generally advise against that, just precreate a service principal and use it in your pipeline. creating a new service principal on each run seems excessive.
you can use buildrelease variables and populate those with client idsecret
answered Mar 27 at 11:43
4c74356b414c74356b41
39.3k5 gold badges29 silver badges62 bronze badges
so i create service principal on Azure and then attach to the pipeline, do i need to populate the client id and secret everytime i need to run the pipeline?
– krisdigitx
Mar 27 at 11:50
no, just put them into buildrelease variables and reference those in your script. docs.microsoft.com/en-us/azure/devops/pipelines/process/…
– 4c74356b41
Mar 27 at 11:52
is there a security risk?
– krisdigitx
Mar 27 at 11:56
probably less than generating new service principal every run
– 4c74356b41
Mar 27 at 11:57
i have added the variables on the release pipeline, however they are not available to the terraform plan task, so i need to do anything else, basically i want them as bash environment variable when terraform is run
– krisdigitx
Mar 27 at 12:21
|
show 8 more comments
you just need to grant your service connections rights to create service principals. but I'd generally advise against that, just precreate a service principal and use it in your pipeline. creating a new service principal on each run seems excessive.
you can use buildrelease variables and populate those with client idsecret
answered Mar 27 at 11:43
4c74356b414c74356b41
39.3k5 gold badges29 silver badges62 bronze badges
you just need to grant your service connections rights to create service principals. but I'd generally advise against that, just precreate a service principal and use it in your pipeline. creating a new service principal on each run seems excessive.
you can use buildrelease variables and populate those with client idsecret
answered Mar 27 at 11:43
4c74356b414c74356b41
39.3k5 gold badges29 silver badges62 bronze badges
answered Mar 27 at 11:43
4c74356b414c74356b41
39.3k5 gold badges29 silver badges62 bronze badges
answered Mar 27 at 11:43
4c74356b414c74356b41
39.3k5 gold badges29 silver badges62 bronze badges
answered Mar 27 at 11:43
4c74356b414c74356b41
39.3k5 gold badges29 silver badges62 bronze badges
39.3k5 gold badges29 silver badges62 bronze badges
so i create service principal on Azure and then attach to the pipeline, do i need to populate the client id and secret everytime i need to run the pipeline?
– krisdigitx
Mar 27 at 11:50
no, just put them into buildrelease variables and reference those in your script. docs.microsoft.com/en-us/azure/devops/pipelines/process/…
– 4c74356b41
Mar 27 at 11:52
is there a security risk?
– krisdigitx
Mar 27 at 11:56
probably less than generating new service principal every run
– 4c74356b41
Mar 27 at 11:57
i have added the variables on the release pipeline, however they are not available to the terraform plan task, so i need to do anything else, basically i want them as bash environment variable when terraform is run
– krisdigitx
Mar 27 at 12:21
|
show 8 more comments
so i create service principal on Azure and then attach to the pipeline, do i need to populate the client id and secret everytime i need to run the pipeline?
– krisdigitx
Mar 27 at 11:50
no, just put them into buildrelease variables and reference those in your script. docs.microsoft.com/en-us/azure/devops/pipelines/process/…
– 4c74356b41
Mar 27 at 11:52
is there a security risk?
– krisdigitx
Mar 27 at 11:56
probably less than generating new service principal every run
– 4c74356b41
Mar 27 at 11:57
i have added the variables on the release pipeline, however they are not available to the terraform plan task, so i need to do anything else, basically i want them as bash environment variable when terraform is run
– krisdigitx
Mar 27 at 12:21
so i create service principal on Azure and then attach to the pipeline, do i need to populate the client id and secret everytime i need to run the pipeline?
– krisdigitx
Mar 27 at 11:50
so i create service principal on Azure and then attach to the pipeline, do i need to populate the client id and secret everytime i need to run the pipeline?
– krisdigitx
Mar 27 at 11:50
no, just put them into buildrelease variables and reference those in your script. docs.microsoft.com/en-us/azure/devops/pipelines/process/…
– 4c74356b41
Mar 27 at 11:52
no, just put them into buildrelease variables and reference those in your script. docs.microsoft.com/en-us/azure/devops/pipelines/process/…
– 4c74356b41
Mar 27 at 11:52
is there a security risk?
– krisdigitx
Mar 27 at 11:56
is there a security risk?
– krisdigitx
Mar 27 at 11:56
probably less than generating new service principal every run
– 4c74356b41
Mar 27 at 11:57
probably less than generating new service principal every run
– 4c74356b41
Mar 27 at 11:57
i have added the variables on the release pipeline, however they are not available to the terraform plan task, so i need to do anything else, basically i want them as bash environment variable when terraform is run
– krisdigitx
Mar 27 at 12:21
i have added the variables on the release pipeline, however they are not available to the terraform plan task, so i need to do anything else, basically i want them as bash environment variable when terraform is run
– krisdigitx
Mar 27 at 12:21
|
show 8 more comments
Here is how I do it with Azure Pipelines.
- Create a Service Principal for Terraform.
- Create the following variables in your pipeline
- ARM_CLIENT_ID
- ARM_CLIENT_SECRET
- ARM_SUBSCRIPTION_ID
- ARM_TENANT_ID
If you choose to store ARM_CLIENT_SECRET as a secret in Azure DevOps you will need to do the following in your task under the Environment Variables sections of the task to get it decrypted so terraform can read it.
answered Mar 27 at 16:07
JamieJamie
1,3239 silver badges22 bronze badges
add a comment |
Here is how I do it with Azure Pipelines.
- Create a Service Principal for Terraform.
- Create the following variables in your pipeline
- ARM_CLIENT_ID
- ARM_CLIENT_SECRET
- ARM_SUBSCRIPTION_ID
- ARM_TENANT_ID
If you choose to store ARM_CLIENT_SECRET as a secret in Azure DevOps you will need to do the following in your task under the Environment Variables sections of the task to get it decrypted so terraform can read it.
answered Mar 27 at 16:07
JamieJamie
1,3239 silver badges22 bronze badges
add a comment |
Here is how I do it with Azure Pipelines.
- Create a Service Principal for Terraform.
- Create the following variables in your pipeline
- ARM_CLIENT_ID
- ARM_CLIENT_SECRET
- ARM_SUBSCRIPTION_ID
- ARM_TENANT_ID
If you choose to store ARM_CLIENT_SECRET as a secret in Azure DevOps you will need to do the following in your task under the Environment Variables sections of the task to get it decrypted so terraform can read it.
answered Mar 27 at 16:07
JamieJamie
1,3239 silver badges22 bronze badges
Here is how I do it with Azure Pipelines.
- Create a Service Principal for Terraform.
- Create the following variables in your pipeline
- ARM_CLIENT_ID
- ARM_CLIENT_SECRET
- ARM_SUBSCRIPTION_ID
- ARM_TENANT_ID
If you choose to store ARM_CLIENT_SECRET as a secret in Azure DevOps you will need to do the following in your task under the Environment Variables sections of the task to get it decrypted so terraform can read it.
answered Mar 27 at 16:07
JamieJamie
1,3239 silver badges22 bronze badges
answered Mar 27 at 16:07
JamieJamie
1,3239 silver badges22 bronze badges
answered Mar 27 at 16:07
JamieJamie
1,3239 silver badges22 bronze badges
answered Mar 27 at 16:07
JamieJamie
1,3239 silver badges22 bronze badges
1,3239 silver badges22 bronze badges
add a comment |
add a comment |
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f55376295%2fazure-devops-terraform-pipeline-generate-client-id-and-secret%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
