I am using VSTS RM to deploy bits to my dev/int/prod environments.

After the deployment completes in dev and before proceeding to int, I want to add a validation step. The validation step basically is a REST API call to a service which requires cert authentication.

From my machine, I am able to authenticate correctly since I have the cert installed on my machine.

How do I achieve this in VSTS RM?

dparkar

2 Answers


Try to import the certificate by using this PowerShell script:

```powershell
# Path to the PFX file and its password
$pfxpath = 'pathtoees.pfx'
$password = 'password'

Add-Type -AssemblyName System.Security
# Load the certificate and its private key; PersistKeySet keeps the key after import
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
$cert.Import($pfxpath, $password, [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]"PersistKeySet")
# Add the certificate to the current user's personal ("MY") store
$store = New-Object System.Security.Cryptography.X509Certificates.X509Store -ArgumentList "MY", CurrentUser
$store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]"ReadWrite")
$store.Add($cert)
$store.Close()
```

Related thread: Visual Studio Team Services deployment/build certificate error

starian chen-MSFT
  • This is interesting, worth a try. Though having the password in clear text is far from ideal. I was hoping there was a direct integration with Azure Key Vault to pull the cert and use it. I guess I can do that in the script as well instead of checking in the cert, but then again the key vault secret key would be in the script. – dparkar Nov 22 '17 at 18:46
  • @dparkar Regarding the password in clear text, you can store the password in a [Secret Variable](https://learn.microsoft.com/en-us/vsts/build-release/concepts/definitions/build/variables?tabs=powershell) and pass it to the script through an argument. Regarding Azure Key Vault, you can link Azure Key Vault to a build or release; the [Azure Key Vault task](https://learn.microsoft.com/en-us/vsts/build-release/tasks/deploy/azure-key-vault) can do it too. – starian chen-MSFT Nov 23 '17 at 01:26
  • Nice! I'll give this a shot and follow up. – dparkar Nov 23 '17 at 01:35
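
An added example, not code from either answer or from the commenters: a validation script that takes the PFX password as an argument (the route the comment above suggests for a secret variable), loads the certificate into memory instead of adding it to a store, and fails the release step when the call fails. The parameter names, the GET method and the TLS 1.2 setting are assumptions.

```powershell
# Added example (not from the thread): call the validation endpoint with a
# client certificate loaded from a PFX file. Parameter names are assumptions.
param(
    [Parameter(Mandatory = $true)] [string] $PfxPath,       # path to the .pfx file
    [Parameter(Mandatory = $true)] [string] $PfxPassword,   # supplied from a secret variable
    [Parameter(Mandatory = $true)] [uri]    $ValidationUri  # the service's REST endpoint
)

$ErrorActionPreference = 'Stop'

# Assumption: the service accepts TLS 1.2, which older Windows PowerShell
# sessions do not always offer by default.
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

# Resolve to a full path: .NET resolves relative paths against the process
# directory, not the current PowerShell location.
$fullPath = (Resolve-Path -Path $PfxPath).Path

# Load the certificate into memory only. Nothing is added to a certificate
# store and PersistKeySet is not set, so the imported key is not persisted.
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $fullPath, $PfxPassword

$exitCode = 0
try {
    if (-not $cert.HasPrivateKey) {
        throw "The PFX at '$fullPath' has no private key, so it cannot be used for client authentication."
    }
    if ($cert.NotAfter -lt (Get-Date)) {
        throw "Certificate $($cert.Thumbprint) expired on $($cert.NotAfter)."
    }

    # Invoke-RestMethod throws on a TLS failure or a non-success HTTP status.
    $null = Invoke-RestMethod -Uri $ValidationUri -Method Get -Certificate $cert -TimeoutSec 60
    Write-Host "Validation call succeeded using certificate $($cert.Thumbprint)."
}
catch {
    Write-Host "Validation failed: $($_.Exception.Message)"
    $exitCode = 1
}
finally {
    $cert.Reset()   # release the certificate and its key handle
}

# A non-zero exit code marks the step as failed, which blocks promotion to the next environment.
exit $exitCode
```

Pass the secret variable explicitly in the task's script arguments; the password then never appears in the checked-in script.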

If you are using hosted agents, you cannot install certificates, so you need to use a private agent to install the certificate.

Sheethal J S
  • Yeah, I agree that using private agents it will definitely work. But I am trying to see if there is any way to do it without maintaining the infrastructure. – dparkar Nov 22 '17 at 18:42