Key Vault Replication
Replicates Key Vault secrets between Azure Key Vaults in the same subscription.
Azure does not yet offer a way to replicate Key Vault secrets between Key Vaults. Although Azure guarantees a certain level of availability for Key Vault resources and offers replication of Key Vaults between paired regions, these protections are insufficient for the following reasons:
This extension attempts to address these limitations for Key Vault secrets. Secrets can be replicated between two Key Vaults in the same Azure subscription.
This extension allows for one-way or two-way replication of secrets. One-way replication can be used to mirror a source Key Vault to a target Key Vault, with the option of deleting extraneous secrets in the target. Two-way replication allows two Key Vaults to be used in tandem, with new secrets and new secret versions being copied in both directions. There are two things to note regarding two-way replication:
Limitations with VSTS's native Key Vault integration
This extension does not currently replicate Certificates or Keys, and it does not replicate Key Vault access policies. It also cannot replicate across Azure subscriptions due to limitations inherent to the encryption of Key Vault backup files.
This extension requires two existing Key Vaults in an accessible Azure subscription. These Key Vault resources must also be accessible from the VSTS service principal that executes the pipeline.
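The one-way and two-way modes described above can be modelled as a planning step over secret names and version ids. This is an added sketch, not the extension's own code: the function names, the in-memory vault model and the sample data are assumptions, and the two-way mode is assumed to copy only and never delete.

```python
# Added illustration, not the extension's code. A vault is modelled as
# {secret_name: [version_id, ...]}; only names and version ids are handled,
# never secret values.

def missing_versions(src, dst):
    """Yield (name, version) pairs present in src but absent from dst."""
    for name in sorted(src):
        have = set(dst.get(name, []))
        for version in src[name]:
            if version not in have:
                yield name, version

def plan_one_way(source, target, delete_extraneous=False):
    """Mirror source into target; optionally drop secrets only the target has."""
    plan = [("copy", n, v, "source->target")
            for n, v in missing_versions(source, target)]
    if delete_extraneous:
        plan += [("delete", n, None, "target")
                 for n in sorted(set(target) - set(source))]
    return plan

def plan_two_way(vault_a, vault_b):
    """Copy new secrets and new versions in both directions (assumed: no deletes)."""
    plan = [("copy", n, v, "a->b") for n, v in missing_versions(vault_a, vault_b)]
    plan += [("copy", n, v, "b->a") for n, v in missing_versions(vault_b, vault_a)]
    return plan

def apply_plan(plan, vaults):
    """Apply a plan to in-memory vaults keyed by the labels used in the plan."""
    for action, name, version, where in plan:
        if action == "delete":
            vaults[where].pop(name, None)
        else:
            dst_label = where.split("->")[1]
            vaults[dst_label].setdefault(name, []).append(version)
    return vaults

# Constructed sample state: the target lags one version and holds a stale secret.
SOURCE = {"db-password": ["v1", "v2"], "api-key": ["v1"]}
TARGET = {"db-password": ["v1"], "old-token": ["v1"]}

if __name__ == "__main__":
    for step in plan_one_way(SOURCE, TARGET, delete_extraneous=True):
        print(step)
    for step in plan_two_way(SOURCE, TARGET):
        print(step)
```

In the one-way plan without `delete_extraneous`, `old-token` stays in the target, so a secret removed from the source remains retrievable from the mirror until it is deleted there.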
Ensure that the VSTS service principal has sufficient permissions to the source and target Key Vaults.
Please read CONTRIBUTING.md for details on our code of conduct, and the process for submitting pull requests to us.
See also the list of contributors who participated in this project.
This project is licensed under the MIT License; see the LICENSE.md file for details.