Howdy,Kloudy!
March 20, 2024

Unlocking Secrets: A Guide to Integrate Azure Key Vault with GitLab


Introduction

Lately, I have experienced issues using other popular key vault providers, so I demonstrated using Azure Key Vault in Azure DevOps. A question popped up: how do we use Azure Key Vault in GitLab?

The links below give the direction…

Isn’t it as easy as breathing? Nope, it is not! This blog post shows you the easiest way.

I followed the instructions and came up with the most straightforward way.

Video

I respect your time and recorded the demonstration.

Prerequisites

Solution

#Create new service principal (this also creates the app registration it belongs to)
New-AzADServicePrincipal -DisplayName '<STRING>'

#Assign Reader permission for the SPN on the Azure subscription
#(Reader on the vault's resource group is enough if you want a narrower scope)
New-AzRoleAssignment -ObjectId '<SPN OBJECT ID>' -Scope '/subscriptions/<SUBSCRIPTION ID>' -RoleDefinitionName 'Reader'

#Grant permission on the Azure key vault (for the demo, I am granting admin permission;
#'Key Vault Secrets User' is enough for read-only access, and the vault must use the
#Azure RBAC permission model for these data-plane roles to take effect)
New-AzRoleAssignment -ApplicationId '<APPLICATION ID>' -Scope '/subscriptions/<SUBSCRIPTION ID>/resourceGroups/<RESOURCE GROUP NAME>/providers/Microsoft.KeyVault/vaults/<KEY VAULT NAME>' -RoleDefinitionName 'Key Vault Administrator'

#Create Entra ID (Azure AD) application federated credential
#Audience must equal the 'aud' the GitLab job requests in id_tokens, Issuer is the
#GitLab instance URL, and Subject is the exact 'sub' claim of the job's ID token:
#only jobs from that project and branch can exchange their token for this identity
$Params = @{
    ApplicationObjectId = '<APPLICATION OBJECT ID>'
    Audience            = 'https://gitlab.com'
    Issuer              = 'https://gitlab.com'
    Name                = 'gitlab-federated-identity'
    Subject             = 'project_path:<GROUP>/<PROJECT>:ref_type:branch:ref:<BRANCH NAME>'
    Description         = 'GL Service Account Federated Identity'
}

New-AzADAppFederatedCredential @Params
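The PowerShell above sets up the Azure side only. The GitLab side of the exchange, as an added example that is not part of the original post: a `.gitlab-ci.yml` job that asks GitLab for an OIDC ID token, trades it for an Entra access token with `az login --federated-token`, and reads one secret from the vault. No client secret is stored anywhere; the trust is the federated credential registered above. Assumed names: `AZURE_CLIENT_ID` and `AZURE_TENANT_ID` are protected, masked CI/CD variables holding the SPN's application (client) ID and tenant ID, `main` is the branch registered in the credential's Subject, and `<KEY VAULT NAME>` / `<SECRET NAME>` are placeholders for your vault and secret. The `mcr.microsoft.com/azure-cli` image is one convenient choice, not a requirement.

```yaml
# Added example (not from the original post): GitLab job that uses the federated
# credential created above to read a Key Vault secret without a stored client secret.
read-secret:
  stage: deploy
  image: mcr.microsoft.com/azure-cli   # assumed image; any image with az CLI works
  # The federated credential's Subject pins project_path and ref, so only run this
  # job on the registered branch (assumed 'main'); other branches would fail the
  # token exchange anyway.
  rules:
    - if: $CI_COMMIT_BRANCH == "main"
  id_tokens:
    # GitLab mints a short-lived ID token and exposes it in this variable.
    # 'aud' MUST equal the Audience on the federated credential (https://gitlab.com
    # on this page); 'iss' is the GitLab instance URL and 'sub' is
    # project_path:<group>/<project>:ref_type:branch:ref:<branch>.
    GITLAB_OIDC_TOKEN:
      aud: https://gitlab.com
  variables:
    KEY_VAULT_NAME: "<KEY VAULT NAME>"   # placeholder
    SECRET_NAME: "<SECRET NAME>"         # placeholder
  script:
    # Exchange the ID token for an Entra access token. A mismatch in iss/aud/sub
    # against the federated credential fails here with AADSTS70021
    # ("No matching federated identity record found for presented assertion").
    - |
      az login --service-principal \
        --username "$AZURE_CLIENT_ID" \
        --tenant "$AZURE_TENANT_ID" \
        --federated-token "$GITLAB_OIDC_TOKEN" \
        --output none
    # Reading the secret needs a data-plane role on the vault (Key Vault
    # Administrator on this page; Key Vault Secrets User is sufficient) and the
    # vault must use the Azure RBAC permission model.
    - |
      SECRET_VALUE="$(az keyvault secret show \
        --vault-name "$KEY_VAULT_NAME" \
        --name "$SECRET_NAME" \
        --query value --output tsv)"
      test -n "$SECRET_VALUE" || { echo "secret lookup returned nothing" >&2; exit 1; }
      # Never echo the value; pass it to the tool that needs it instead.
    - az logout
```

If the job fails at `az login`, decode the payload of `$GITLAB_OIDC_TOKEN` (it is a standard JWT) and compare its `iss`, `aud` and `sub` claims character for character with the Issuer, Audience and Subject you passed to `New-AzADAppFederatedCredential`; the exchange is an exact-match check, so a different branch name, a renamed project or a self-managed GitLab URL in place of `https://gitlab.com` is enough to break it.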

Explanation
