Connect Azure Key Vault into Visual Studio Team Services

A deployment process usually involves secrets such as passwords, usernames and URLs. Commonly these secrets are put into the CI build configuration, but there is a better option, at least if you are using Visual Studio Team Services.

Azure Key Vault

Azure Key Vault is an Azure service which can store your secrets safely. Key Vault has multiple advantages. For example, you can group secrets into a collection and grant permissions on that collection. Changing passwords etc. is easier, because they are held in one place.
Visual Studio Team Services can be connected to Azure Key Vault and it can use all the secrets needed for deployment.

First Create Azure Key Vault

Start by creating a new key vault in Azure and add the secrets which are used in deployment.

Second Connect VSTS into Key Vault

Log into Visual Studio Team Services and click the Library link. Add a new variable group and toggle "Link secrets from Azure key vault as variables". Toggling that will show options to select the Azure subscription and key vault. Remember to save the settings from the top right.
Key Vault variables are used with the syntax $(variable_name). For example, a PowerShell task would look like this (never mind the caps in the names, I just masked some info away from it):
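An added example (not the original post's task or code) of a script for the PowerShell task that receives Key Vault values through the task's Arguments field, checks that the $(variable_name) macros were actually substituted, and uses the secret without printing it. The secret names DeployUrl, DeployUser and DeployPassword and the HTTP deployment endpoint are assumptions for illustration. Secret variables are not exposed to scripts as environment variables, so they have to be passed in explicitly like this.

```powershell
# deploy.ps1 - added example, not from the original post.
# PowerShell task "Arguments" field (hypothetical secret names from the
# Key Vault-linked variable group):
#   -DeployUrl "$(DeployUrl)" -DeployUser "$(DeployUser)" -DeployPassword "$(DeployPassword)"
param(
    [Parameter(Mandatory)] [string] $DeployUrl,
    [Parameter(Mandatory)] [string] $DeployUser,
    [Parameter(Mandatory)] [string] $DeployPassword
)

$ErrorActionPreference = 'Stop'

# If the variable group is not linked to this build/release definition, the
# macro text "$(Name)" is passed through unchanged instead of failing.
# Catch that before the value is used anywhere.
foreach ($name in 'DeployUrl', 'DeployUser', 'DeployPassword') {
    $value = Get-Variable -Name $name -ValueOnly
    if ([string]::IsNullOrWhiteSpace($value) -or $value -match '\$\(.+\)') {
        throw "Variable for -$name was not resolved. Check the variable group link."
    }
}

# Refuse to send the credential over an unencrypted connection.
$uri = [Uri]$DeployUrl
if ($uri.Scheme -ne 'https') {
    throw "DeployUrl must use https, got '$($uri.Scheme)'."
}

# Wrap the secret in a credential object so the plain-text string is not
# passed around any further than this line.
$secure     = ConvertTo-SecureString -String $DeployPassword -AsPlainText -Force
$credential = New-Object System.Management.Automation.PSCredential ($DeployUser, $secure)

# Log only non-secret context. Known secret values are masked in the build
# log, but derived forms (substrings, encodings) are not, so never print them.
Write-Host "Deploying to $($uri.Host) as $($credential.UserName)"

# Hypothetical deployment call; replace with the real deployment step.
Invoke-RestMethod -Uri $uri -Method Post -Credential $credential | Out-Null
Write-Host 'Deployment request accepted.'
```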