Is it possible to deploy without changing credentials?

[mcharles96]

Can credentials remain unchanged during deployment? I ask because currently, we manually configure credentials for each environment. Creating secrets and keys in Azure Key Vault is challenging, as only a few employees have the authority. Consequently, when deploying, I find myself having to revisit the environment to reconfigure all keys and secrets. This is necessary since the resources transition to the next environment, but the keys and secrets pertain to the previous one.

I accept other ideas also.

Obs.: Can I store account key, passwords and so on in variables inside Azure DevOps or even the new encrypted credential and pass through the csv config file?

Thank you!

[NowinskiK]

Sure, use Selective Deployment feature and exclude credential object-type from deployment.

[mcharles96]

Hi! Sorry, but how can I do this? What I need to type inside the yaml file to exclude the credentials? I tried something, but still changes the credentials

[NowinskiK]

Look at the documentation:
https://github.com/Azure-Player/azure.datafactory.tools?tab=readme-ov-file#publish-options
https://github.com/Azure-Player/azure.datafactory.tools?tab=readme-ov-file#selective-deployment-triggers-and-logic

[mcharles96]

Yeah, I read the documentation and I tried few approaches, including delete the encryptedCredential for the linkedServices and adding the new credentials in the config file. The result for this last approach is in the print. But when I logged to my production ADF, I had tested the linked services connection and all failed and I have to replace manually again. Maybe go through filter to not replace the encryptedCredential in the destination will be the best alternative, but I tried 2 or 3 different approaches and it's still replacing.

For me it doesn't matter the way to achieve the success in this activity. If the best way is to change the keys/tokens/passwords in the config file, we can proceed this way. But my config file are succesfully read, but not works properly.

Can you help me to fix my config file or to filter to no change the credentials anymore? It's bothering change all the credentials manually everytime the pipeline runs.

[mcharles96]

Hello!

I'm currently using the config-PRD.csv to change those credentials, but for some linked services this is not working.

For SQL database: linkedService, my_db_ls_name, +typeProperties.password, "$($env:SQL_PASSWORD)"
For Databricks and Delta: linkedService, my_databricks_ls_name, +typeProperties.accessToken, "$($env:DB_ACCESS_TOKEN)"
For Blob Storage: linkedService, my_blob_ls_name, +typeProperties.accountKey, "$($env:ADLS_ACCOUNT_KEY)"
For Sharepoint: linkedService, my_sharepoint_ls_name, +typeProperties.servicePrincipalKey, "$($env:SHAREPOINT_KEY)"

Where is the error? For all these linked services, I have a line before with -typeProperties.encryptedCredential. I checked the arguments in the adf_publish branch already. And in the pipeline log I have this: