Overview

This task is used to fetch key-values from Azure App Configuration and set them as task variables which can be consumed by subsequent tasks.

Release notes for this task describing the improvements between versions can be found here.

Introduction

Use in Builds

1. Navigate to the build pipeline page by clicking Pipelines -> Builds.
   • Documentation for build pipelines can be found here.
2. Choose an existing build pipeline. If you don’t have one, click + New to create a new one.
3. Click the Edit button on the top right corner to edit the build pipeline.
4. Navigate to the Tasks tab, and click Job.
5. Click + for that Job, then find the Azure App Configuration task under the Deploy tab, and click the Add button to add this task to the Job.
6. Configure the necessary parameters for the task to pull the wanted key-values from Azure App Configuration instance.
   • An explanation of the parameters is available in the Parameters section below, as well as in tooltips next to the parameter names.
7. Save and queue a build. The build logs will include the total number of key-values that the task pulled from Azure App Configuration.

Use in Releases

1. Navigate to release pipeline page by click Pipelines -> Releases.
   • Documentation for release pipelines.
2. Choose an existing release pipeline. If you don’t have one, click + New to create a new one.
3. Click the Edit button on the top right corner to edit the release pipeline.
4. Choose the stage to add the task, it will be present for all Jobs that under the stage.
5. Click + for that Job, then find the Azure App Configuration task under the Deploy tab, and click the Add button to add this task to the Job.
6. Configure the necessary parameters for the task to pull the wanted key-values from Azure App Configuration instance.
   • An explanation of the parameters is available in the Parameters section below, as well as in tooltips next to the parameter names.
7. Save and queue a release. The release logs will include the total number of key-values that the task pulled from Azure App Configuration.

Authorize service connection

• An Azure DevOps Service connection must be used to authorize the task to access Azure App Configuration.
• The service connection must be assigned to one of the available Azure App Configuration roles for the App Configuration instance that is being targeted. For more information see the Azure App Configuration RBAC documentation.
• To resolve Azure Key Vault references within App Configuration, the service connection must also be granted permission to read secrets in the referenced Azure Key Vaults.

Parameters of the task:

• Azure Subscription: Select the service endpoint for the Azure Subscription where the Azure App Configuration instance is created. To configure a new service connection, select the Azure subscription from the list and click Authorize. If your subscription is not listed or if you want to use an existing Service Principal, you can setup an Azure service connection using the Manage link.

• App Configuration Name: Provide the name of the App Configuration from which the key-values need to be pulled.

• Key Filter: The filter can be used to select what key-values are requested from Azure App Configuration. A value of * will select all key-values. Reference for key-values query.

• Label: Specifies which label should be used when selecting key-values from App Configuration. If no label is provided then key-values with the null label will be retrieved. The following characters are not allowed: , *.

• Trim Key Prefix: Specifies one or more prefixes that should be trimmed from App Configuration keys before setting them as variables. Multiple prefixes can be separated by a new-line character.

Use key-values in subsequent tasks

The key-values that are fetched from Azure App Configuration are set as environment variables. The key of the environment variable is the key of the key-value that is retrieved from Azure App Configuration.

For example, if a subsequent task runs a powershell script, it could consume a key-value with the key 'myBuildSetting' like this:

echo "$env:myBuildSetting"

And the value will be printed to the console.

FAQ

• How do I compose my configuration from multiple keys and labels?

  There are times when configuration may need to be composed from multiple labels, for example, default and dev. Multiple App Configuration tasks may be used in one pipeline to achieve this. The key-values fetched by a task in a later step will supersede any values from previous steps. In the aforementioned example, a task can be used to select key-values with the default label while a second task can select key-values with the dev label. The keys with the dev label will override the same keys with the default label.

Troubleshooting

If the task fails to retrieve expected key-values from Azure App Configuration, debug logs can be enabled by setting the pipeline variable system.debug to true.

• Error message: Access to 'https://example.azconfig.io' was denied. Please ensure the required role assignment is made for the identity running this task.

  Version 2.* and above require the service principal used by the task to be a part of the "Azure App Configuration Data Reader" or "Azure App Configuration Data Owner" roles for the target App Configuration instance. Version 1.* requires the "Contributor" role instead.

• Error message: Access to 'https://example.vault.azure.net/secrets/secretName' was denied. Please ensure the required role assignment is made for the identity running this task.

  Please connect the service connection to target Key Vault by follow step Authorize service connection.

Feedback

• Please report any task functionality related issues at Azure App Configuration Github.