Store secrets in a key vault in Azure DevTest Labs
You may need to enter a complex secret when using Azure DevTest Labs: password for your Windows VM, public SSH key for your Linux VM, or personal access token to clone your Git repo through an artifact. Secrets are usually long and have random characters. Therefore, entering them can be tricky and inconvenient, especially if you use the same secret multiple times.
To solve this problem and also keep your secrets in a safe place, DevTest Labs supports storing secrets in an Azure key vault. When a user saves a secret for the first time, the DevTest Labs service automatically creates a key vault in the same resource group that contains the lab and stores the secret in the key vault. DevTest Labs creates a separate key vault for each user.
Please note that lab user will need to first create a lab virtual machine before they can create a secret in the key vault. This is because DevTest Lab service needs to associate the lab user with a valid user document before they are allowed to create and store secrets in their key vault.
Save a secret in Azure Key Vault
To save your secret in Azure Key Vault, do the following steps:
Select My secrets on the left menu.
Enter a name for the secret. You see this name in the drop-down list when creating a VM, formula, or an environment.
Enter the secret as the value.
Use a secret from Azure Key Vault
When you need to enter a secret to create a VM, formula, or an environment, you can either enter a secret manually or select a saved secret from the key vault. To use a secret stored in your key vault, do the following actions:
Select Use a saved secret.
Select your secret from the drop-down list for Pick a secret.
Use a secret in an Azure Resource Manager template
You can specify your secret name in an Azure Resource Manager template that's used to create a VM as shown in the following example: