Demo of Azure Key Vault event notifications flowing through Event Grid and a Logic App into Azure Pipelines.
Create one or more Key Vaults. In this demo we create two (Key Vault names are globally unique, so pick your own names):

```powershell
az group create -n rg-keyvault1 -l northeurope
$kv1=az keyvault create -n kv1000000000010 -g rg-keyvault1 -l northeurope --query id -o tsv
az group create -n rg-keyvault2 -l northeurope
$kv2=az keyvault create -n kv2000000000010 -g rg-keyvault2 -l northeurope --query id -o tsv
```
To deploy the demo infrastructure, run the following script, passing the Key Vault resource IDs captured above:

```powershell
cd deploy
.\deploy.ps1 -KeyVaults $kv1,$kv2
```
Note: the script deploys the Event Grid system topics into the resource groups of the Key Vaults, because a system topic currently has to live in the same resource group as its source resource. See this feedback item for details: Allow Event Grid topics and subscriptions to be in separate resource groups
You should now have the following Logic App deployed:
Create or update a secret in one of your Key Vaults:

```powershell
az keyvault secret set -n abc --vault-name kv2000000000010 --value "Hello!"
```
After a while you should see the following data arriving in your request bin (only the names of the changed object are forwarded, never the secret value):

```json
{
  "eventType": "Microsoft.KeyVault.SecretNewVersionCreated",
  "objectName": "abc",
  "objectType": "Secret",
  "vaultName": "kv2000000000010"
}
```
Your Azure DevOps pipeline should also have been triggered, with access to the freshly updated Key Vault secrets.
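To make the receiving side of this flow concrete, here is an added example (not the demo's own Logic App, and not code from the original page) of what any Event Grid webhook endpoint in this role has to do: answer the subscription validation handshake, accept only events whose topic is one of the Key Vault resource IDs we deployed subscriptions for, and reduce a `Microsoft.KeyVault.SecretNewVersionCreated` event to the trimmed payload shown above. The function and variable names are assumptions; the sample events are constructed to follow the published Event Grid and Key Vault event schemas and were not captured from a real subscription.

```python
import json
from typing import Dict, List, Set, Tuple

# Event type Event Grid sends to a new webhook endpoint; the endpoint must echo
# data.validationCode back or the subscription never becomes active.
VALIDATION_EVENT_TYPE = "Microsoft.EventGrid.SubscriptionValidationEvent"

# Key Vault event types this handler reacts to.
HANDLED_EVENT_TYPES = {"Microsoft.KeyVault.SecretNewVersionCreated"}


def handle_event_grid_request(body: str, allowed_vault_ids: Set[str]) -> Tuple[int, Dict]:
    """Handle one Event Grid webhook POST and return (http_status, json_body).

    allowed_vault_ids: resource IDs of the Key Vaults whose events may trigger
    downstream work (the $kv1/$kv2 values captured during deployment). Events
    whose topic is not one of them are dropped, so whoever learns the endpoint
    URL cannot fake a "secret changed" notification for an unrelated vault.
    (Assumed function name; not from the original page.)
    """
    try:
        events = json.loads(body)
    except ValueError:
        return 400, {"error": "body is not JSON"}
    if not isinstance(events, list):
        return 400, {"error": "expected a JSON array of events"}

    # Azure resource IDs are case-insensitive, so compare lower-cased.
    allowed = {vault_id.lower() for vault_id in allowed_vault_ids}
    accepted: List[Dict] = []

    for event in events:
        event_type = event.get("eventType")
        data = event.get("data") or {}

        # 1. Subscription validation handshake: answer and stop.
        if event_type == VALIDATION_EVENT_TYPE:
            code = data.get("validationCode")
            if not code:
                return 400, {"error": "validation event without validationCode"}
            return 200, {"validationResponse": code}

        # 2. Topic allow-list: only vaults we deployed subscriptions for.
        if (event.get("topic") or "").lower() not in allowed:
            continue

        # 3. Event-type allow-list.
        if event_type not in HANDLED_EVENT_TYPES:
            continue

        # Key Vault events carry capitalised keys in `data`; normalise them to
        # the trimmed shape the demo forwards. Only names travel here, never
        # the secret value: the pipeline fetches that itself with its own identity.
        accepted.append({
            "eventType": event_type,
            "objectName": data.get("ObjectName"),
            "objectType": data.get("ObjectType"),
            "vaultName": data.get("VaultName"),
        })

    return 200, {"accepted": accepted}


# --- constructed sample traffic (not captured from a real subscription) -----
SAMPLE_VAULT_ID = (
    "/subscriptions/00000000-0000-0000-0000-000000000000"
    "/resourceGroups/rg-keyvault2/providers/Microsoft.KeyVault/vaults/kv2000000000010"
)
UNKNOWN_VAULT_ID = SAMPLE_VAULT_ID.replace("kv2000000000010", "kv-someone-elses")

VALIDATION_BODY = json.dumps([{
    "id": "11111111-1111-1111-1111-111111111111",
    "topic": SAMPLE_VAULT_ID,
    "subject": "",
    "eventType": VALIDATION_EVENT_TYPE,
    "eventTime": "2020-01-01T00:00:00.0000000Z",
    "data": {"validationCode": "22222222-2222-2222-2222-222222222222"},
    "dataVersion": "1",
    "metadataVersion": "1",
}])

SECRET_EVENTS_BODY = json.dumps([
    {   # genuine notification from the vault we subscribed to
        "id": "33333333-3333-3333-3333-333333333333",
        "topic": SAMPLE_VAULT_ID,
        "subject": "abc",
        "eventType": "Microsoft.KeyVault.SecretNewVersionCreated",
        "eventTime": "2020-01-01T00:00:01.0000000Z",
        "data": {
            "Id": "https://kv2000000000010.vault.azure.net/secrets/abc/0123456789abcdef0123456789abcdef",
            "VaultName": "kv2000000000010",
            "ObjectType": "Secret",
            "ObjectName": "abc",
            "Version": "0123456789abcdef0123456789abcdef",
        },
        "dataVersion": "1",
        "metadataVersion": "1",
    },
    {   # same shape, but from a vault we never subscribed to: must be dropped
        "id": "44444444-4444-4444-4444-444444444444",
        "topic": UNKNOWN_VAULT_ID,
        "subject": "abc",
        "eventType": "Microsoft.KeyVault.SecretNewVersionCreated",
        "eventTime": "2020-01-01T00:00:02.0000000Z",
        "data": {"VaultName": "kv-someone-elses", "ObjectType": "Secret", "ObjectName": "abc"},
        "dataVersion": "1",
        "metadataVersion": "1",
    },
])


if __name__ == "__main__":
    print(handle_event_grid_request(VALIDATION_BODY, {SAMPLE_VAULT_ID}))
    print(handle_event_grid_request(SECRET_EVENTS_BODY, {SAMPLE_VAULT_ID}))
```

Running the script answers the validation handshake first, then returns only the event from `kv2000000000010`; the look-alike event from the unknown vault is silently discarded. In a Logic App the same three checks map onto the built-in Event Grid trigger (which performs the handshake for you), a condition on the topic, and the event-type filter on the subscription.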
Developing Logic Apps in the Azure Portal is easy, and you can use jeffhollan/LogicAppTemplateCreator to extract the resulting ARM template for version control. In a nutshell:

```powershell
Import-Module .\LogicAppTemplate.dll
Get-LogicAppTemplate `
  -LogicApp keyvault-event-handler `
  -ResourceGroup rg-keyvault-event-local `
  -SubscriptionId <your-subscription-id> `
  -TenantName <your-tenant>.onmicrosoft.com `
  -DiagnosticSettings > azuredeploy-export.json
```