
azure-variable-groups skill

/.claude/skills/azure-variable-groups

This skill helps you manage Azure Pipelines variable groups and Key Vault secrets for environment-specific configurations and seamless pipeline integration.

npx playbooks add skill ntaksh42/agents --skill azure-variable-groups

SKILL.md
---
name: azure-variable-groups
description: Manage Azure Pipeline variable groups and library secrets. Use when organizing pipeline variables or managing configuration.
---

# Azure Variable Groups Skill

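A skill for managing Azure Pipelines variable groups.

## Key features

- **Variable group creation**: shared variable management
- **Key Vault integration**: secret management
- **Per-environment variables**: Dev/Staging/Prod
- **Pipeline integration**: using variable groups

## Creating variable groups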

### Azure CLI

```bash
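# Create a variable group
# Note: --authorize true makes the group available to every pipeline in the project.
az pipelines variable-group create \
  --name "Production-Variables" \
  --variables \
    DATABASE_HOST="prod-db.database.windows.net" \
    DATABASE_NAME="proddb" \
    API_URL="https://api.production.example.com" \
  --authorize true

# Variable group to be linked to Key Vault
# --variables only accepts name=value pairs, so placeholder values are given here.
# This command does not set up the Key Vault link; configure it on the group
# under Pipelines > Library.
az pipelines variable-group create \
  --name "Production-Secrets" \
  --variables \
    ConnectionString="placeholder" \
    ApiKey="placeholder" \
  --authorize true

# Add a variable
az pipelines variable-group variable create \
  --group-id 1 \
  --name "NEW_VARIABLE" \
  --value "new-value"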
```

## Using variable groups in a pipeline

```yaml
variables:
  - group: Production-Variables
  - group: Production-Secrets

stages:
  - stage: Deploy
    jobs:
      - job: DeployJob
        steps:
          - script: |
              echo "Database: $(DATABASE_HOST)"
              echo "API: $(API_URL)"
            displayName: 'Use Variables'
```

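## Key Vault integration

```yaml
# Fetch variables from Key Vault
variables:
  - group: KeyVault-Secrets

steps:
  - task: AzureKeyVault@2
    inputs:
      azureSubscription: 'Azure-Connection'
      KeyVaultName: 'MyKeyVault'
      # '*' downloads every secret in the vault; a comma-separated list of
      # secret names limits the job to the ones it needs.
      SecretsFilter: '*'
      RunAsPreJob: true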
```

## Managing variables per environment

```yaml
variables:
  # Dev environment
  - ${{ if eq(variables['Build.SourceBranch'], 'refs/heads/develop') }}:
    - group: Dev-Variables
  # Prod environment
  - ${{ if eq(variables['Build.SourceBranch'], 'refs/heads/main') }}:
    - group: Prod-Variables
```

## Version information
- Version: 1.0.0

Overview

This skill manages Azure Pipelines variable groups and library secrets to centralize pipeline configuration. It helps create, update, and link variable groups, integrate Azure Key Vault secrets, and reference environment-specific variables across CI/CD pipelines. Use it to simplify secret handling and maintain consistent settings across Dev, Staging, and Prod.

How this skill works

The skill uses Azure CLI commands and pipeline YAML snippets to create and modify variable groups, add individual variables, and authorize groups for pipeline use. It supports linking Key Vault secrets into variable groups and shows how to pull those secrets into pipeline steps with the AzureKeyVault task. Conditional YAML examples demonstrate swapping groups based on branch or environment.

When to use it

  • Centralizing shared pipeline configuration across multiple pipelines or projects
  • Storing non-code configuration like database hosts, API endpoints, and feature flags
  • Injecting secrets from Azure Key Vault into pipelines without hardcoding values
  • Applying environment-specific variables for Dev, Staging, and Production deployments
  • Enabling secure, auditable variable management and reuse across teams

Best practices

  • Keep secrets in Azure Key Vault and link them to variable groups rather than storing plaintext
  • Authorize variable groups for only the pipelines that need them to reduce blast radius
  • Use environment- or branch-based conditional groups to avoid manual YAML changes
  • Name groups clearly (e.g., Prod-Variables, Dev-Variables, Prod-Secrets) for easy discovery
  • Version control pipeline YAML and restrict CLI access with scoped service principals
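
One way to check existing groups against the first two practices above, as an added example that is not part of the skill's own files. It assumes the JSON shape printed by `az pipelines variable-group list --output json` (the `type`, `authorized`, `variables` and `isSecret` fields); the sample data, the name pattern and the issue labels are constructed for illustration.

```python
import json
import re

# Constructed sample, shaped like `az pipelines variable-group list --output json`
# (field names are an assumption about the CLI's output; all values are invented).
SAMPLE = json.loads("""
[
  {"id": 1, "name": "Production-Variables", "type": "Vsts", "authorized": true,
   "variables": {
     "DATABASE_HOST": {"isSecret": null, "value": "prod-db.database.windows.net"},
     "API_KEY": {"isSecret": null, "value": "constructed-not-a-real-key"}}},
  {"id": 2, "name": "Production-Secrets", "type": "AzureKeyVault", "authorized": true,
   "variables": {"ConnectionString": {"isSecret": true, "value": null}}},
  {"id": 3, "name": "Dev-Variables", "type": "Vsts", "authorized": false,
   "variables": {"DB_PASSWORD": {"isSecret": true, "value": null}}}
]
""")

# Names that usually hold credentials; tune this for your own naming scheme.
SECRET_NAME = re.compile(
    r"(password|passwd|secret|token|api_?key|connection_?string)", re.I)


def audit(groups):
    """Return sorted (group name, variable or None, issue) tuples."""
    findings = []
    for group in groups:
        variables = group.get("variables") or {}
        holds_secrets = group.get("type") == "AzureKeyVault"
        for name, meta in variables.items():
            meta = meta or {}
            if meta.get("isSecret"):
                holds_secrets = True
            elif SECRET_NAME.search(name):
                # Secret-looking name stored as an ordinary, readable variable.
                findings.append((group["name"], name, "plaintext-secret-candidate"))
        if holds_secrets and group.get("authorized"):
            # Secrets are reachable from every pipeline in the project.
            findings.append((group["name"], None, "secrets-open-to-all-pipelines"))
    return sorted(findings, key=lambda f: (f[0], f[1] or "", f[2]))


if __name__ == "__main__":
    for group, variable, issue in audit(SAMPLE):
        print(f"{group}: {variable or '(group)'}: {issue}")
```

To run it against a real project, replace `SAMPLE` with the parsed output of the list command.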

Example use cases

  • Create a Production-Variables group with DB host, DB name, and API URL for deployment pipelines
  • Link Key Vault secrets to a Production-Secrets group and reference them in release stages
  • Add a new variable to an existing group via az pipelines variable-group variable create
  • Conditionally include Dev-Variables when building from the develop branch and Prod-Variables for main
  • Run an AzureKeyVault@2 step as a pre-job to fetch all secrets before deployment steps

FAQ

Can I store secrets directly in variable groups?

You can, but storing sensitive values in Azure Key Vault and linking them to variable groups is more secure and auditable.

How do I use different variables per environment?

Define separate variable groups per environment and use conditional YAML (branch or runtime expressions) to include the appropriate group.