| code | effort | bonus | required | type |
|---|---|---|---|---|
T1Q0GRH0 |
15 |
false |
true |
Product Backlog Item |
To ensure no secrets end up in Source Control or in plain text, secret variables or a keyvault can be used. Sensitive data that is required for deployment must be inserted in the scripts at deployment time.
In this achievement, you will create secret release variables and use the secrets within your scripts. You will run a SQL Script that creates a SQL user and assign it to a role, using the password configured in the pipeline.
We can use a dedicated build task to replace a variable in a script. For example, the text #password# will be automatically replaced with a release variable [password].
- A SQL Script that creates a SQL user and assigns the user the db_datareader role
- Script should contain tokens for secrets
- Replacement of secrets with pipeline variables
- Optional; Execution of SQL Script against the created database