Hanzo
PlatformHanzo KMSIntegrationsSecret Syncs

Azure DevOps Sync

Learn how to configure a Azure DevOps Sync for Hanzo KMS.

Prerequisites:

  • Set up and add secrets to Hanzo KMS Cloud
  • Create an Azure DevOps Connection
  • Ensure your network security policies allow incoming requests from Hanzo KMS to this secret sync provider, if network restrictions apply.

  1. Navigate to Project > Integrations and select the Secret Syncs tab. Click on the Add Sync button. Secret Syncs Tab

  2. Select the Azure DevOps option. Select Azure DevOps

  3. Configure the Source from where secrets should be retrieved, then click Next. Configure Source

    • Environment: The project environment to retrieve secrets from.
    • Secret Path: The folder path to retrieve secrets from.

If you need to sync secrets from multiple folder locations, check out secret imports.

  1. Configure the Destination to where secrets should be deployed, then click Next. Configure Destination

    • Azure DevOps Connection: The Azure DevOps Connection to authenticate with.
    • Project: The Azure DevOps project to deploy secrets to.

  2. Configure the Sync Options to specify how secrets should be synced, then click Next. Configure Options

    • Initial Sync Behavior: Determines how Hanzo KMS should resolve the initial sync.
      • Overwrite Destination Secrets: Removes any secrets at the destination endpoint not present in Hanzo KMS.

      Azure Devops does not support importing secrets.

    • Key Schema: Template that determines how secret names are transformed when syncing, using {{secretKey}} as a placeholder for the original secret name.
    • Auto-Sync Enabled: If enabled, secrets will automatically be synced from the source location when changes occur. Disable to enforce manual syncing only.
    • Disable Secret Deletion: If enabled, Hanzo KMS will not remove secrets from the sync destination. Enable this option if you intend to manage some secrets manually outside of Hanzo KMS.

  3. Configure the Details of your Azure DevOps Sync, then click Next. Configure Details

    • Name: The name of your sync. Must be slug-friendly.
    • Description: An optional description for your sync.

  4. Review your Azure DevOps Sync configuration, then click Create Sync. Confirm Configuration

  5. If enabled, your Azure DevOps Sync will begin syncing your secrets to the destination endpoint. Sync Secrets

To create a Azure DevOps Sync, make an API request to the Create Azure DevOps Sync API endpoint.

Sample request

curl --request POST \
--url https://app.kms.hanzo.ai/api/v1/secret-syncs/azure-devops \
--header 'Content-Type: application/json' \
--data '{
    "name": "my-devops-sync",
    "projectId": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
    "description": "an example sync",
    "connectionId": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
    "environment": "dev",
    "secretPath": "/my-secrets",
    "isEnabled": true,
    "syncOptions": {
       "initialSyncBehavior": "overwrite-destination",
       "disableSecretDeletion": true
    },
    "destinationConfig": {
        "devopsProjectId": "12345678-90ab-cdef-1234-567890abcdef",
        "devopsProjectName": "example-project"
    }
}'

Sample response

{
    "secretSync": {
        "id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
        "name": "my-devops-sync",
        "description": "an example sync",
        "isEnabled": true,
        "version": 1,
        "folderId": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
        "connectionId": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
        "createdAt": "2023-11-07T05:31:56Z",
        "updatedAt": "2023-11-07T05:31:56Z",
        "syncStatus": "succeeded",
        "lastSyncJobId": "123",
        "lastSyncMessage": null,
        "lastSyncedAt": "2023-11-07T05:31:56Z",
        "importStatus": null,
        "lastImportJobId": null,
        "lastImportMessage": null,
        "lastImportedAt": null,
        "removeStatus": null,
        "lastRemoveJobId": null,
        "lastRemoveMessage": null,
        "lastRemovedAt": null,
        "syncOptions": {
            "initialSyncBehavior": "overwrite-destination",
            "keySchema": "PIPELINE_${secretKey}",
            "disableSecretDeletion": true
        },
        "connection": {
            "app": "azure-devops",
            "name": "Production DevOps Organization",
            "id": "8b92f5cc-3g77-5e80-6666-6ff57069385d"
        },
        "environment": {
            "slug": "production",
            "name": "Production Environment",
            "id": "4f16j9gg-7k11-9i23-2222-2jj91403729h"
        },
        "folder": {
            "id": "5a71e8dd-2f66-4d70-7777-7cc46958274c",
            "path": "/devops/pipeline-secrets"
        },
        "destination": "azure-devops",
        "destinationConfig": {
            "devopsProjectId": "12345678-90ab-cdef-1234-567890abcdef",
            "devopsProjectName": "example-project"
        }
    }
}

How is this guide?

Last updated on

Azure App Configuration Sync

Learn how to configure an Azure App Configuration Sync for Hanzo KMS.

Azure Key Vault Sync

Learn how to configure a Azure Key Vault Sync for Hanzo KMS.

On this page

Sample request
Sample response