#13433: product builds secret configuration (#7583)
jakubstilec authored Jul 13, 2021
1 parent bb041fc commit 1b053ba
Showing 4 changed files with 259 additions and 0 deletions.
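--- a/.vault-config/product-builds-dnceng-pipeline-secrets.yaml
+++ b/.vault-config/product-builds-dnceng-pipeline-secrets.yaml
@@ -0,0 +1,84 @@
+storageLocation:
+type: azure-key-vault
+parameters:
+subscription: a4fc5514-21a9-4296-bfaf-5c7ee7fa35d1
+name: dnceng-pipeline-secrets
+
+secrets:
+#DotNet-DotNetCli-Storage
+dotnetcli-storage-key:
+type: text
+parameters:
+description: set to never expire
+
+dotnetclichecksums-storage-key:
+type: text
+parameters:
+description: set to never expire
+
+#DotNet-MSRC-Storage
+dotnetbuilddropsmsrc-access-key:
+type: text
+parameters:
+description: set to never expire
+
+dotnetclichecksumsmsrc-storage-key:
+type: text
+parameters:
+description: set to never expire
+
+dotnetclimsrc-access-key:
+type: text
+parameters:
+description: set to never expire
+
+dotnetclimsrc-private-feed-url:
+type: text
+parameters:
+description: created manually from SAS in the format https://dotnetclimsrc.azurewebsites.net/sig/{sig}/se{se}
+
+dotnetclimsrc-connection-string:
+type: azure-storage-connection-string
+parameters:
+storageKeySecret: dotnetclimsrc-access-key
+account: dotnetclimsrc
+
+dotnetclimsrc-read-sas-token:
+type: azure-storage-container-sas-token
+parameters:
+connectionString: dotnetclimsrc-connection-string
+permissions: rl
+container: dotnet
+
+dotnetclimsrc-read-sas-token-base64:
+type: base64-encoder
+parameters:
+secret: dotnetclimsrc-read-sas-token
+
+dotnetfeedmsrc-private-feed-url:
+type: text
+parameters:
+description: created manually from SAS in the format https://dotnetfeedmsrc.azurewebsites.net/sig/{sig}/se{se}
+
+dotnetfeedmsrc-storage-access-key-1:
+type: text
+parameters:
+description: set to never expire
+
+dotnetfeedmsrc-connection-string:
+type: azure-storage-connection-string
+parameters:
+storageKeySecret: dotnetfeedmsrc-storage-access-key-1
+account: dotnetfeedmsrc
+
+dotnetfeedmsrc-read-sas-token:
+type: azure-storage-container-sas-token
+parameters:
+connectionString: dotnetfeedmsrc-connection-string
+permissions: r
+container: $root
+
+dotnetfeedmsrc-read-sas-token-base64:
+type: base64-encoder
+parameters:
+secret: dotnetfeedmsrc-read-sas-token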
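Review bot: The storage account keys in this file (`dotnetcli-storage-key`, `dotnetclichecksums-storage-key`, `dotnetbuilddropsmsrc-access-key`, `dotnetclichecksumsmsrc-storage-key`, `dotnetclimsrc-access-key`, `dotnetfeedmsrc-storage-access-key-1`) are declared as `type: text` with `description: set to never expire`, so the manifest records them as hand-maintained values with no rotation. The EngKeyVault manifest in the same commit declares `dotnetfeed-storage-access-key-1` as `type: azure-storage-key` with `subscription` and `account` parameters. If that type is what lets the tooling regenerate keys, the same form here (for example `type: azure-storage-key` with `account: dotnetclimsrc`) would bring the MSRC keys, and the connection strings and SAS tokens derived from them, under the same rotation. If they must stay manual, a description naming the owner and the rotation procedure would serve an auditor better than "set to never expire".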
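--- a/.vault-config/product-builds-engkeyvault.yaml
+++ b/.vault-config/product-builds-engkeyvault.yaml
@@ -0,0 +1,144 @@
+storageLocation:
+type: azure-key-vault
+parameters:
+subscription: a4fc5514-21a9-4296-bfaf-5c7ee7fa35d1
+name: EngKeyVault
+
+references:
+helixkv:
+type: azure-key-vault
+parameters:
+subscription: a4fc5514-21a9-4296-bfaf-5c7ee7fa35d1
+name: helixkv
+
+secrets:
+BotAccount-dotnet-maestro-bot:
+type: github-account
+parameters:
+Name: dotnet-maestro-bot
+
+#DotNet-Blob-Feed
+dotnetfeed-storage-access-key-1:
+type: azure-storage-key
+parameters:
+subscription: a4fc5514-21a9-4296-bfaf-5c7ee7fa35d1
+account: dotnetfeed
+
+#Publish-Build-Assets
+MaestroAccessToken:
+type: maestro-access-token
+parameters:
+environment: maestro-prod.westus2.cloudapp.azure.com
+
+BotAccount-dotnet-maestro-bot-PAT:
+type: github-access-token
+parameters:
+gitHubBotAccountSecret: BotAccount-dotnet-maestro-bot
+gitHubBotAccountName: dotnet-maestro-bot
+
+dn-bot-dnceng-build-rw-code-rw:
+type: azure-devops-access-token
+parameters:
+domainAccountName: dn-bot
+domainAccountSecret:
+location: helixkv
+name: dn-bot-account-redmond
+name: dn-bot-dnceng-build
+organization: dnceng
+
+akams:
+type: github-oauth-secret
+parameters:
+appName: akams
+description: set to never expire
+
+publishing-dnceng-devdiv-code-r-build-re:
+type: azure-devops-access-token
+parameters:
+domainAccountName: dn-bot
+domainAccountSecret:
+location: helixkv
+name: dn-bot-account-redmond
+name: publishing-dnceng-devdiv-code
+organization: dnceng
+
+dn-bot-dotnet-build-rw-code-rw:
+type: azure-devops-access-token
+parameters:
+domainAccountName: dn-bot
+domainAccountSecret:
+location: helixkv
+name: dn-bot-account-redmond
+name: dn-bot-dotnet-build
+organization: dnceng
+
+dn-bot-all-orgs-build-rw-code-rw:
+type: azure-devops-access-token
+parameters:
+domainAccountName: dn-bot
+domainAccountSecret:
+location: helixkv
+name: dn-bot-account-redmond
+name: dn-bot-all-orgs-build
+organization: dnceng
+
+#DotNet-AllOrgs-Darc-Pats
+dn-bot-devdiv-dnceng-rw-code-pat:
+type: azure-devops-access-token
+parameters:
+domainAccountName: dn-bot
+domainAccountSecret:
+location: helixkv
+name: dn-bot-account-redmond
+name: dn-bot-devdiv-dnceng
+organization: dnceng
+
+#AzureDevOps-Artifact-Feeds-Pats
+dn-bot-dnceng-artifact-feeds-rw:
+type: azure-devops-access-token
+parameters:
+domainAccountName: dn-bot
+domainAccountSecret:
+location: helixkv
+name: dn-bot-account-redmond
+name: dn-bot-dnceng-artifact-feeds
+organization: dnceng
+
+dn-bot-dnceng-universal-packages-rw:
+type: azure-devops-access-token
+parameters:
+domainAccountName: dn-bot
+domainAccountSecret:
+location: helixkv
+name: dn-bot-account-redmond
+name: dn-bot-dnceng-universal-packages
+organization: dnceng
+
+dn-bot-all-orgs-artifact-feeds-rw:
+type: azure-devops-access-token
+parameters:
+domainAccountName: dn-bot
+domainAccountSecret:
+location: helixkv
+name: dn-bot-account-redmond
+name: dn-bot-all-orgs-artifact-feeds
+organization: dnceng
+
+#DotNet-Symbol-Server-Pats
+microsoft-symbol-server-pat:
+type: azure-devops-access-token
+parameters:
+domainAccountSecret:
+location: helixkv
+name: dn-bot-account-redmond
+name: microsoft-symbol-server-pat
+organization: dnceng
+
+symweb-symbol-server-pat:
+type: azure-devops-access-token
+parameters:
+domainAccountSecret:
+location: helixkv
+name: dn-bot-account-redmond
+name: dn-symweb-symbol-server-pat
+organization: dnceng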
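Review bot: `microsoft-symbol-server-pat` and `symweb-symbol-server-pat` omit `domainAccountName`, which every other `azure-devops-access-token` entry in this file sets to `dn-bot`. Unless the tooling supplies a default (not visible here), add `domainAccountName: dn-bot` to both so the owning account is explicit and matches the `dn-bot-account-redmond` secret they reference. Separately, the PAT scopes are recorded only in the secret names (`-build-rw-code-rw`, `-code-r-build-re`), and the entries named for `all-orgs` or `devdiv` list only `organization: dnceng`. A short comment above each entry stating the intended organizations and scopes would let the file support a least-privilege review.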
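--- a/.vault-config/product-builds-helixprodkv.yaml
+++ b/.vault-config/product-builds-helixprodkv.yaml
@@ -0,0 +1,11 @@
+storageLocation:
+type: azure-key-vault
+parameters:
+subscription: 68672ab8-de0c-40f1-8d1b-ffb20bd62c0f
+name: HelixProdKV
+
+secrets:
+HelixApiAccessToken:
+type: helix-access-token
+parameters:
+environment: helix.dot.net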
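--- a/.vault-config/product-builds-netsourceindexvault.yaml
+++ b/.vault-config/product-builds-netsourceindexvault.yaml
@@ -0,0 +1,20 @@
+storageLocation:
+type: azure-key-vault
+parameters:
+subscription: a4fc5514-21a9-4296-bfaf-5c7ee7fa35d1
+name: netsourceindexvault
+
+secrets:
+source-dot-net-stage1-connection-string:
+type: azure-storage-connection-string
+parameters:
+subscription: a4fc5514-21a9-4296-bfaf-5c7ee7fa35d1
+account: netsourceindexstage1
+
+#source-dot-net stage1 variables
+source-dot-net-stage1-blob-container-url:
+type: azure-storage-container-sas-uri
+parameters:
+connectionString: source-dot-net-stage1-connection-string
+permissions: racwdl
+container: stage1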
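Review bot: `source-dot-net-stage1-blob-container-url` is issued with `permissions: racwdl`, which is read, add, create, write, delete and list on the whole `stage1` container, and nothing in the file says why a build needs all six. If the consuming pipeline only uploads and lists blobs, narrow the grant (for example `permissions: cwl`). Otherwise add a comment above the entry such as `# racwdl: <reason the stage1 job needs delete and overwrite>`. The existing `#source-dot-net stage1 variables` comment sits below the first stage1 secret and would read better above `source-dot-net-stage1-connection-string`.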
