Vineesha.C

Reputation: 343

How to trigger an Azure DevOps pipeline whenever there is an Azure Key Vault secret change?

I'm trying to trigger an Azure pipeline whenever a new value is added to my secret or whenever there is a certificate change in the key vault.

Upvotes: 0

Views: 1144

Answers (2)

Krzysztof Madej

Reputation: 40729

As @rickvdbosch wrote, you can use Event Grid. Events are strongly typed:

[
   {
      "id":"00eccf70-95a7-4e7c-8299-2eb17ee9ad64",
      "topic":"/subscriptions/{subscription-id}/resourceGroups/sample-rg/providers/Microsoft.KeyVault/vaults/sample-kv",
      "subject":"newsecret",
      "eventType":"Microsoft.KeyVault.SecretNewVersionCreated",
      "eventTime":"2019-07-25T01:08:33.1036736Z",
      "data":{
         "Id":"https://sample-kv.vault.azure.net/secrets/newsecret/ee059b2bb5bc48398a53b168c6cdcb10",
         "vaultName":"sample-kv",
         "objectType":"Secret",
         "objectName":"newsecret",
         "version":"ee059b2bb5bc48398a53b168c6cdcb10",
         "nbf":"1559081980",
         "exp":"1559082102"
      },
      "dataVersion":"1",
      "metadataVersion":"1"
   }
]

so you know exactly what happened. Please check the documentation for more details. Here, for instance, you have an example of how to configure Event Grid and Azure Key Vault. For instance, you can modify this to call the Azure DevOps REST API to trigger a build.

POST https://dev.azure.com/{organization}/{project}/_apis/build/builds?api-version=5.1

Upvotes: 1
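An added example (not part of the answer above) of the webhook logic it describes: answer Event Grid's subscription-validation handshake, accept only new-version events from the expected vault, and prepare the POST to the Builds endpoint. The organization, project, definition id, the `kvObject`/`kvEvent` variable names and the PAT are assumptions.

```python
import base64
import json
import urllib.request

# Assumed values for illustration (not from the original answer).
ORG, PROJECT, DEFINITION_ID = "my-org", "my-project", 42
VAULT_TOPIC_SUFFIX = "/providers/Microsoft.KeyVault/vaults/sample-kv"
TRIGGER_TYPES = {
    "Microsoft.KeyVault.SecretNewVersionCreated",
    "Microsoft.KeyVault.CertificateNewVersionCreated",
}
# Constructed sample delivery, trimmed from the event shown in the answer.
SAMPLE = json.dumps([{
    "topic": "/subscriptions/{subscription-id}/resourceGroups/sample-rg"
             "/providers/Microsoft.KeyVault/vaults/sample-kv",
    "subject": "newsecret",
    "eventType": "Microsoft.KeyVault.SecretNewVersionCreated",
    "data": {"vaultName": "sample-kv", "objectType": "Secret"},
}])

def build_queue_request(event, pat):
    """Prepare (do not send) the Builds queue call for one event."""
    url = (f"https://dev.azure.com/{ORG}/{PROJECT}"
           "/_apis/build/builds?api-version=5.1")
    # Forward names only; the sample event carries no secret value.
    variables = {"kvObject": event["subject"], "kvEvent": event["eventType"]}
    body = {"definition": {"id": DEFINITION_ID},
            "parameters": json.dumps(variables)}
    token = base64.b64encode(f":{pat}".encode()).decode()  # PAT as Basic auth
    return urllib.request.Request(
        url, data=json.dumps(body).encode(), method="POST",
        headers={"Content-Type": "application/json",
                 "Authorization": f"Basic {token}"})

def handle_delivery(raw_body, pat):
    """Return (webhook response body, prepared build requests)."""
    prepared = []
    for event in json.loads(raw_body):
        etype = event.get("eventType")
        if etype == "Microsoft.EventGrid.SubscriptionValidationEvent":
            # Handshake Event Grid performs when the webhook is registered.
            return {"validationResponse": event["data"]["validationCode"]}, []
        # Skip other vaults and event types that should not start a build.
        if not event.get("topic", "").endswith(VAULT_TOPIC_SUFFIX):
            continue
        if etype in TRIGGER_TYPES:
            prepared.append(build_queue_request(event, pat))
    return {}, prepared
```

Calling `handle_delivery(SAMPLE, pat)` returns one prepared request; pass each to `urllib.request.urlopen` to queue the build, with the PAT read from a secret store rather than hard-coded.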

rickvdbosch

Reputation: 15611

You can use the Events (powered by Event Grid) for this.

Here are the supported events for Key Vaults:

Key Vault events

Upvotes: 0
