How to integrate DSM with Azure DevOps

  • 2 minute(s) read
Prev Next

How to integrate DSM with Azure DevOps using the DSM CLI

By default, Azure DevOps doesn't allow using variables at all stages of the pipeline. For other stages of this pipeline to access secrets, you must define them as environment variables.

  1. Access a project in your Azure DevOps account.
  2. Add the dsm-cli executable, the configuration file, and the segura-mapping.json file (if necessary) to the project repository.
  3. Edit your azure-pipelines.yml file located in the project folder.
  4. Include the code needed to run the DSM CLI at the desired point in your pipeline.
  5. Go to the pipeline variable settings.
  6. Register the variables needed to run the DSM CLI, following the guidelines provided in the user guide.
  7. Run the pipeline in Azure DevOps to complete the process.
Info

If you don't have the dsm-cli and segura-mapping.json files, ask the Segura® support team for them.

Example of an azure-pipelines.yaml file using DSM CLI:

# This file is an example to demonstrate the usage of DSM CLI inside a Azure DevOps pipeline
# Make sure to upload the executable and the configuration files to your project
# For more information on its usage, please visit https://docs.Segura.io/

trigger:
- main

pool:
  default

steps:
- script: |
    dsm runb \
      --app-name $APPLICATION \
      --system $SYSTEM \
      --environment $ENVIRONMENT \
      --config .config.yml \
      --tool-name azure-devops \
    rm .runb.vars
  displayName: 'DSM CLI Running Belt execution'
  env:
    APPLICATION: $(APPLICATION)
    SYSTEM: $(SYSTEM)
    ENVIRONMENT: $(ENVIRONMENT)
Info

Ensure you have selected the OAuth 2.0 authentication method in the Segura® DSM, as the CLI uses it to fetch information.

User the dsm-cli to inject secrets into pipelines in Azure DevOps

After configuring the DSM CLI in the project, follow the instructions below:

  1. Access Pipelines > Pipelines to run the pipeline.
  2. Select the pipeline you want and click Run Pipeline.
  3. In the next step, click Run.
  4. Then click on the job name to view the details and results of the execution.

The execution output will look like this:

Starting: Segura CLI Running Belt execution
========================================================================
Task		: Command 1ine
Description 	: Run a comand line script using Bash on Linux and macOS and cmd.exe on Windows
Version:	: 2.201.1
Author		: Microsoft Corporation
Help		: https://docs.microsoft.com/azure/devoos/oipelines/tasks/utility/comand-line
========================================================================
Generating script.
============== Starting Command Output ==============
usr/bin/bash --noprofile --norc /home/admin/azure-runner/work/temp/S0e477c1-6798-4F26-ba37-374b0c1bbOSS.sh
Using config file: .config.yml
Registering Application on DevSecOps
Trying to authenticate on Segura DevSecOps API
Authenticated successfully
Application register success
Posting variables in Segura...
Trying to authenticate on Segura DevSecOps API
Athenticated successfully
Posting variables successfully
Finding secrets from application
Trying to authenticate on Segura DevSecOps API
Athenticated successfully
Injecting secrets!
No secrets to be injected!
Deleting azure-devops variables...
No variables to be deleted!
Finishing: Segura CLI Running Belt execution

Do you still have questions? Reach out to the Segura Community.