You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository was archived by the owner on Jan 21, 2026. It is now read-only.
Copy file name to clipboardExpand all lines: Instructions/Labs/AZ400_M04_L10_Integrate_Azure_Key_Vault_with_Azure_DevOps.md
+8-6Lines changed: 8 additions & 6 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -90,9 +90,9 @@ In this task, you will import an existing CI YAML pipeline definition, modify an
90
90
91
91
1. In the YAML pipeline definition, customize your Resource Group name by replacing **NAME** on **AZ400-EWebShop-NAME** with a unique value and replace **YOUR-SUBSCRIPTION-ID** with the your own Azure subscriptionId.
92
92
93
-
1. Click on **Save and Run** and wait for the pipeline to execute successfully.
93
+
1. Click on **Save and Run** and wait for the pipeline to execute successfully. You may need to click **Save and Run** a second time to complete the pipeline creation and run process.
94
94
95
-
> **Important**: If you see the message "This pipeline needs permission to access resources before this run can continue to Docker Compose to ACI", click on View, Permit and Permit again. This is needed to allow the pipeline to create the resource.
95
+
> **Important**: If you see the message "This pipeline needs permission to access resources before this run can continue to Docker Compose to ACI", click on View, Permit and Permit again. This is needed to allow the pipeline to create the resource. You must click the build job in order to see the Permission message.
96
96
97
97
> **Note**: The build may take a few minutes to complete. The build definition consists of the following tasks:
98
98
-**AzureResourceManagerTemplateDeployment** uses **bicep** to deploy an Azure Container Registry.
@@ -134,7 +134,7 @@ For this lab scenario, we will have a Azure Container Instance (ACI) that pulls
134
134
> **Note**: You need to secure access to your key vaults by allowing only authorized applications and users. To access the data from the vault, you will need to provide read (Get/List) permissions to the service connection that you created during the lab environment validation for authentication in the pipeline.
135
135
136
136
1. On the **Permission** blade, below **Secret permissions**, check **Get** and **List** permissions. Click on **Next**.
137
-
2. On the **Principal** blade, search for your **Azure subscription service connection** (the one created during lab environment validation, typically named "azure subs"), and select it from the list. You can find the service principal name in Azure DevOps under Project Settings > Service connections > azure subs > Manage service principal. Click on **Next**, **Next**, **Create** (access policy).
137
+
2. On the **Principal** blade, search for your **Azure subscription service connection** (the one created during lab environment validation, typically named "azure subs"), and select it from the list. You can find the service principal name in Azure DevOps under Project Settings > Service connections > azure subs > Manage service principal. If you encounter a permissions error when selecting the Azure subscription, click the **Authorize** button which will automatically create the access policy for you in the key vault. Click on **Next**, **Next**, **Create** (access policy).
138
138
3. On the **Review + create** blade, click on **Create**
139
139
140
140
1. Back on the **Create a key vault** blade, click on **Review + Create > Create**
@@ -150,7 +150,7 @@ For this lab scenario, we will have a Azure Container Instance (ACI) that pulls
150
150
| --- | --- |
151
151
| Upload options |**Manual**|
152
152
| Name |**acr-secret**|
153
-
|Value| ACR access password copied in previous task |
153
+
|Secret value| ACR access password copied in previous task |
154
154
155
155
#### Task 3: Create a Variable Group connected to Azure Key Vault
156
156
@@ -191,8 +191,8 @@ In this task, you will import a CD pipeline, customize it, and run it for deploy
191
191
-**YOUR-ACR.azurecr.io** and **ACR-USERNAME** with your ACR login server (both need the ACR name, can be reviewed on the ACR > Access Keys).
192
192
-**AZ400-EWebShop-NAME** with the resource group name defined before in the lab.
193
193
194
-
1. Click on **Save and Run**.
195
-
1. Open the pipeline and wait to execute successfully.
194
+
1. Click on **Save and Run**. You may need to click **Save and Run** a second time to complete the pipeline creation and run process. You must click the build job in order to see any Permission messages.
195
+
1. Open the pipeline and wait for it to execute successfully.
196
196
197
197
> **Important**: If you see the message "This pipeline needs permission to access resources before this run can continue to Docker Compose to ACI", click on View, Permit and Permit again. This is needed to allow the pipeline to create the resource.
198
198
@@ -201,6 +201,8 @@ In this task, you will import a CD pipeline, customize it, and run it for deploy
201
201
-**Variables (for Deploy stage)** connects to the variable group to consume the Azure Key Vault secret **acr-secret**
202
202
-**AzureResourceManagerTemplateDeployment** deploys the Azure Container Instance (ACI) using bicep template and provides the ACR login parameters to allow ACI to download the previously created container image from Azure Container Registry (ACR).
203
203
204
+
1. To verify the results of the pipeline deployment, in the Azure portal, search for and select the **AZ400-EWebShop-NAME** resource group. In the list of resources, verify that the **az400eshop** container instance was created by the pipeline.
205
+
204
206
1. Your pipeline will take a name based on the project name. Lets **rename** it for identifying the pipeline better. Go to **Pipelines > Pipelines** and click on the recently created pipeline. Click on the ellipsis and **Rename/Remove** option. Name it **eshoponweb-cd-aci** and click on **Save**.
0 commit comments