#13433: product builds secret configuration #7583

Merged Jul 13, 2021 (7 commits)
84 changes: 84 additions & 0 deletions .vault-config/product-builds-dnceng-pipeline-secrets.yaml
@@ -0,0 +1,84 @@
storageLocation:
type: azure-key-vault
parameters:
subscription: a4fc5514-21a9-4296-bfaf-5c7ee7fa35d1
name: dnceng-pipeline-secrets

secrets:
#DotNet-DotNetCli-Storage
dotnetcli-storage-key:
type: text
parameters:
description: set to never expire

dotnetclichecksums-storage-key:
type: text
parameters:
description: set to never expire

#DotNet-MSRC-Storage
dotnetbuilddropsmsrc-access-key:
type: text
parameters:
description: set to never expire

dotnetclichecksumsmsrc-storage-key:
type: text
parameters:
description: set to never expire

dotnetclimsrc-access-key:
type: text
parameters:
description: set to never expire

dotnetclimsrc-private-feed-url:
type: text
parameters:
description: created manually from SAS in the format https://dotnetclimsrc.azurewebsites.net/sig/{sig}/se{se}

dotnetclimsrc-connection-string:
type: azure-storage-connection-string
parameters:
storageKeySecret: dotnetclimsrc-access-key
account: dotnetclimsrc

dotnetclimsrc-read-sas-token:
type: azure-storage-container-sas-token
parameters:
connectionString: dotnetclimsrc-connection-string
permissions: rl
container: dotnet

dotnetclimsrc-read-sas-token-base64:
type: base64-encoder
parameters:
secret: dotnetclimsrc-read-sas-token

dotnetfeedmsrc-private-feed-url:
type: text
parameters:
description: created manually from SAS in the format https://dotnetfeedmsrc.azurewebsites.net/sig/{sig}/se{se}

dotnetfeedmsrc-storage-access-key-1:
type: text
parameters:
description: set to never expire

dotnetfeedmsrc-connection-string:
type: azure-storage-connection-string
parameters:
storageKeySecret: dotnetfeedmsrc-storage-access-key-1
account: dotnetfeedmsrc

dotnetfeedmsrc-read-sas-token:
type: azure-storage-container-sas-token
parameters:
connectionString: dotnetfeedmsrc-connection-string
permissions: r
container: $root

dotnetfeedmsrc-read-sas-token-base64:
type: base64-encoder
parameters:
secret: dotnetfeedmsrc-read-sas-token
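Review bot: the storage account keys in this file (dotnetclimsrc-access-key, dotnetfeedmsrc-storage-access-key-1 and the others carrying `description: set to never expire`) are declared as `type: text`, which leaves them as free-text values documented as never expiring, and the connection strings, SAS tokens and base64 values below are all derived from them. product-builds-engkeyvault.yaml in this same change declares dotnetfeed-storage-access-key-1 as `type: azure-storage-key` with `subscription` and `account`; consider using that type here too, or state in the description why these accounts cannot. Separately, both private-feed-url descriptions give the format as `/sig/{sig}/se{se}`; please confirm that a `/` is not missing before `{se}`.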
144 changes: 144 additions & 0 deletions .vault-config/product-builds-engkeyvault.yaml
@@ -0,0 +1,144 @@
storageLocation:
type: azure-key-vault
parameters:
subscription: a4fc5514-21a9-4296-bfaf-5c7ee7fa35d1
name: EngKeyVault

references:
helixkv:
type: azure-key-vault
parameters:
subscription: a4fc5514-21a9-4296-bfaf-5c7ee7fa35d1
name: helixkv

secrets:
BotAccount-dotnet-maestro-bot:
type: github-account
parameters:
Name: dotnet-maestro-bot

#DotNet-Blob-Feed
dotnetfeed-storage-access-key-1:
type: azure-storage-key
parameters:
subscription: a4fc5514-21a9-4296-bfaf-5c7ee7fa35d1
account: dotnetfeed

#Publish-Build-Assets
MaestroAccessToken:
type: maestro-access-token
parameters:
environment: maestro-prod.westus2.cloudapp.azure.com

BotAccount-dotnet-maestro-bot-PAT:
type: github-access-token
parameters:
gitHubBotAccountSecret: BotAccount-dotnet-maestro-bot
gitHubBotAccountName: dotnet-maestro-bot

dn-bot-dnceng-build-rw-code-rw:
type: azure-devops-access-token
parameters:
domainAccountName: dn-bot
domainAccountSecret:
location: helixkv
name: dn-bot-account-redmond
name: dn-bot-dnceng-build
organization: dnceng

akams:
type: github-oauth-secret
parameters:
appName: akams
description: set to never expire

publishing-dnceng-devdiv-code-r-build-re:
type: azure-devops-access-token
parameters:
domainAccountName: dn-bot
domainAccountSecret:
location: helixkv
name: dn-bot-account-redmond
name: publishing-dnceng-devdiv-code
organization: dnceng

dn-bot-dotnet-build-rw-code-rw:
type: azure-devops-access-token
parameters:
domainAccountName: dn-bot
domainAccountSecret:
location: helixkv
name: dn-bot-account-redmond
name: dn-bot-dotnet-build
organization: dnceng

dn-bot-all-orgs-build-rw-code-rw:
type: azure-devops-access-token
parameters:
domainAccountName: dn-bot
domainAccountSecret:
location: helixkv
name: dn-bot-account-redmond
name: dn-bot-all-orgs-build
organization: dnceng

#DotNet-AllOrgs-Darc-Pats
dn-bot-devdiv-dnceng-rw-code-pat:
type: azure-devops-access-token
parameters:
domainAccountName: dn-bot
domainAccountSecret:
location: helixkv
name: dn-bot-account-redmond
name: dn-bot-devdiv-dnceng
organization: dnceng

#AzureDevOps-Artifact-Feeds-Pats
dn-bot-dnceng-artifact-feeds-rw:
type: azure-devops-access-token
parameters:
domainAccountName: dn-bot
domainAccountSecret:
location: helixkv
name: dn-bot-account-redmond
name: dn-bot-dnceng-artifact-feeds
organization: dnceng

dn-bot-dnceng-universal-packages-rw:
type: azure-devops-access-token
parameters:
domainAccountName: dn-bot
domainAccountSecret:
location: helixkv
name: dn-bot-account-redmond
name: dn-bot-dnceng-universal-packages
organization: dnceng

dn-bot-all-orgs-artifact-feeds-rw:
type: azure-devops-access-token
parameters:
domainAccountName: dn-bot
domainAccountSecret:
location: helixkv
name: dn-bot-account-redmond
name: dn-bot-all-orgs-artifact-feeds
organization: dnceng

#DotNet-Symbol-Server-Pats
microsoft-symbol-server-pat:
type: azure-devops-access-token
parameters:
domainAccountSecret:
location: helixkv
name: dn-bot-account-redmond
name: microsoft-symbol-server-pat
organization: dnceng

symweb-symbol-server-pat:
type: azure-devops-access-token
parameters:
domainAccountSecret:
location: helixkv
name: dn-bot-account-redmond
name: dn-symweb-symbol-server-pat
organization: dnceng
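Review bot: the last two entries, microsoft-symbol-server-pat and symweb-symbol-server-pat, have no `domainAccountName`, while every other `azure-devops-access-token` entry in this file sets `domainAccountName: dn-bot` next to the same `domainAccountSecret` (helixkv / dn-bot-account-redmond). If the field is required, add it; if it is optional, a comment saying which account these PATs belong to would help. The symweb entry also uses the secret key `symweb-symbol-server-pat` but `name: dn-symweb-symbol-server-pat`, unlike the microsoft entry where the two match; please confirm that is intended. The `-rw`, `-r` and `-re` suffixes in the secret names imply token scopes that appear nowhere in the parameters, so a reviewer cannot check least privilege from this file.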
11 changes: 11 additions & 0 deletions .vault-config/product-builds-helixprodkv.yaml
@@ -0,0 +1,11 @@
storageLocation:
type: azure-key-vault
parameters:
subscription: 68672ab8-de0c-40f1-8d1b-ffb20bd62c0f
name: HelixProdKV

secrets:
HelixApiAccessToken:
type: helix-access-token
parameters:
environment: helix.dot.net
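Review bot: `subscription: 68672ab8-de0c-40f1-8d1b-ffb20bd62c0f` in storageLocation differs from the a4fc5514-… subscription used by the other three vault files in this change, including the helixkv reference in product-builds-engkeyvault.yaml. Please confirm HelixProdKV really lives in a separate subscription and add a short comment saying so, so the difference does not look like a copy error later.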
20 changes: 20 additions & 0 deletions .vault-config/product-builds-netsourceindexvault.yaml
@@ -0,0 +1,20 @@
storageLocation:
type: azure-key-vault
parameters:
subscription: a4fc5514-21a9-4296-bfaf-5c7ee7fa35d1
name: netsourceindexvault

secrets:
source-dot-net-stage1-connection-string:
type: azure-storage-connection-string
parameters:
subscription: a4fc5514-21a9-4296-bfaf-5c7ee7fa35d1
account: netsourceindexstage1

#source-dot-net stage1 variables
source-dot-net-stage1-blob-container-url:
type: azure-storage-container-sas-uri
parameters:
connectionString: source-dot-net-stage1-connection-string
permissions: racwdl
container: stage1
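Review bot: `permissions: racwdl` on source-dot-net-stage1-blob-container-url grants read, add, create, write, delete and list on the stage1 container, which is every permission the read tokens in product-builds-dnceng-pipeline-secrets.yaml (`rl`, `r`) avoid. If the indexing pipeline only uploads, drop `d` and whatever else it does not use, or document why delete is needed. Minor points: the `#source-dot-net stage1 variables` comment sits after the first secret rather than above both, and this connection string is built from `subscription` + `account` where the other file uses `storageKeySecret` + `account`; a one-line comment on which form is preferred would keep the configs consistent.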