Creating Kubernetes secrets using an Azure pipeline with data from Azure Key Vault Secrets

Hi, can I create Kubernetes secrets using an Azure pipeline, getting data from Azure Key Vault Secrets?

You can also connect Azure Key Vault to Kubernetes as a secret store.

Can you tell me how, please? Or any link to read?

On doing it from a pipeline or connecting Key Vault to AKS?

On doing it from a pipeline, please.

Make secrets available in pipeline: https://docs.microsoft.com/en-us/azure/devops/pipelines/release/azure-key-vault?view=azure-devops
Run kubectl commands from pipeline to create secrets: https://docs.microsoft.com/en-us/azure/devops/pipelines/tasks/deploy/kubernetes?view=azure-devops#secrets

When the secrets are available in the pipeline, how can I operate with those, and where will they be stored?

Did you read the first link? Step 9 shows how to use the Key Vault variables in the pipeline.

Yes, I was reading, but I am still a bit confused; I am quite new. My 2 doubts are: 1. Are the KV secrets stored on the agent machine, or where? I am asking because I would like to delete those on disk once completed. 2. How can I create a Kubernetes secret? I guess using az-cli? Thanks.

The secrets are stored in the agent process for that pipeline. They are not stored on disk. They will be cleared when the pipeline ends. The second link tells you how to create the Kubernetes secrets using kubectl. You cannot do this with az cli.

I now need to create a secret using the secret I got from KV and label it. I can't find how to do it from the link you gave; is that the right one, or am I missing something?

Label it? What do you mean?

kubectl create secret … and kubectl label secret …

I need to do these 2 operations in the pipeline

Not sure if those are possible

https://docs.microsoft.com/en-us/azure/devops/pipelines/tasks/deploy/kubernetes?view=azure-devops#commands

Your command would be label, your arguments would be secret …

After creating the secret of course

Ok, thanks, but I am still stuck with getting the secret created. I used create as the command; is that correct?

https://kubernetes.io/docs/tasks/configmap-secret/managing-secret-using-kubectl/