#13433: product builds secret configuration (#7583)

Author: jakubstilec

.vault-config/product-builds-dnceng-pipeline-secrets.yaml

@@ -0,0 +1,84 @@
+storageLocation:
+  type: azure-key-vault
+  parameters:
+    subscription: a4fc5514-21a9-4296-bfaf-5c7ee7fa35d1
+    name: dnceng-pipeline-secrets
+
+secrets:
+  #DotNet-DotNetCli-Storage
+  dotnetcli-storage-key:
+    type: text
+    parameters:
+      description: set to never expire
+
+  dotnetclichecksums-storage-key:
+    type: text
+    parameters:
+      description: set to never expire
+
+  #DotNet-MSRC-Storage
+  dotnetbuilddropsmsrc-access-key:
+    type: text
+    parameters:
+      description: set to never expire
+
+  dotnetclichecksumsmsrc-storage-key:
+    type: text
+    parameters:
+      description: set to never expire
+
+  dotnetclimsrc-access-key:
+    type: text
+    parameters:
+      description: set to never expire
+
+  dotnetclimsrc-private-feed-url:
+    type: text
+    parameters:
+      description: created manually from SAS in the format https://dotnetclimsrc.azurewebsites.net/sig/{sig}/se{se}
+
+  dotnetclimsrc-connection-string:
+    type: azure-storage-connection-string
+    parameters:
+      storageKeySecret: dotnetclimsrc-access-key
+      account: dotnetclimsrc
+
+  dotnetclimsrc-read-sas-token:
+    type: azure-storage-container-sas-token
+    parameters:
+      connectionString: dotnetclimsrc-connection-string
+      permissions: rl
+      container: dotnet
+
+  dotnetclimsrc-read-sas-token-base64:
+    type: base64-encoder
+    parameters:
+      secret: dotnetclimsrc-read-sas-token
+
+  dotnetfeedmsrc-private-feed-url:
+    type: text
+    parameters:
+      description: created manually from SAS in the format https://dotnetfeedmsrc.azurewebsites.net/sig/{sig}/se{se}
+
+  dotnetfeedmsrc-storage-access-key-1:
+    type: text
+    parameters:
+      description: set to never expire
+
+  dotnetfeedmsrc-connection-string:
+    type: azure-storage-connection-string
+    parameters:
+      storageKeySecret: dotnetfeedmsrc-storage-access-key-1
+      account: dotnetfeedmsrc
+
+  dotnetfeedmsrc-read-sas-token:
+    type: azure-storage-container-sas-token
+    parameters:
+      connectionString: dotnetfeedmsrc-connection-string
+      permissions: r
+      container: $root
+
+  dotnetfeedmsrc-read-sas-token-base64:
+    type: base64-encoder
+    parameters:
+      secret: dotnetfeedmsrc-read-sas-token

.vault-config/product-builds-engkeyvault.yaml

@@ -0,0 +1,144 @@
+storageLocation:
+  type: azure-key-vault
+  parameters:
+    subscription: a4fc5514-21a9-4296-bfaf-5c7ee7fa35d1
+    name: EngKeyVault
+
+references:
+  helixkv:
+    type: azure-key-vault
+    parameters:
+      subscription: a4fc5514-21a9-4296-bfaf-5c7ee7fa35d1
+      name: helixkv
+
+secrets:
+  BotAccount-dotnet-maestro-bot:
+    type: github-account
+    parameters:
+      Name: dotnet-maestro-bot
+
+  #DotNet-Blob-Feed
+  dotnetfeed-storage-access-key-1:
+    type: azure-storage-key
+    parameters:
+      subscription: a4fc5514-21a9-4296-bfaf-5c7ee7fa35d1
+      account: dotnetfeed
+
+  #Publish-Build-Assets
+  MaestroAccessToken:
+    type: maestro-access-token
+    parameters:
+      environment: maestro-prod.westus2.cloudapp.azure.com
+
+  BotAccount-dotnet-maestro-bot-PAT:
+    type: github-access-token
+    parameters:
+      gitHubBotAccountSecret: BotAccount-dotnet-maestro-bot
+      gitHubBotAccountName: dotnet-maestro-bot
+
+  dn-bot-dnceng-build-rw-code-rw:
+    type: azure-devops-access-token
+    parameters:
+      domainAccountName: dn-bot
+      domainAccountSecret:
+          location: helixkv
+          name: dn-bot-account-redmond
+      name: dn-bot-dnceng-build
+      organization: dnceng
+
+  akams:
+    type: github-oauth-secret
+    parameters:
+      appName: akams
+      description: set to never expire
+
+  publishing-dnceng-devdiv-code-r-build-re:
+    type: azure-devops-access-token
+    parameters:
+      domainAccountName: dn-bot
+      domainAccountSecret:
+          location: helixkv
+          name: dn-bot-account-redmond
+      name: publishing-dnceng-devdiv-code
+      organization: dnceng
+
+  dn-bot-dotnet-build-rw-code-rw:
+    type: azure-devops-access-token
+    parameters:
+      domainAccountName: dn-bot
+      domainAccountSecret:
+          location: helixkv
+          name: dn-bot-account-redmond
+      name: dn-bot-dotnet-build
+      organization: dnceng
+
+  dn-bot-all-orgs-build-rw-code-rw:
+    type: azure-devops-access-token
+    parameters:
+      domainAccountName: dn-bot
+      domainAccountSecret:
+          location: helixkv
+          name: dn-bot-account-redmond
+      name: dn-bot-all-orgs-build
+      organization: dnceng
+
+  #DotNet-AllOrgs-Darc-Pats
+  dn-bot-devdiv-dnceng-rw-code-pat:
+    type: azure-devops-access-token
+    parameters:
+      domainAccountName: dn-bot
+      domainAccountSecret:
+          location: helixkv
+          name: dn-bot-account-redmond
+      name: dn-bot-devdiv-dnceng
+      organization: dnceng
+
+  #AzureDevOps-Artifact-Feeds-Pats
+  dn-bot-dnceng-artifact-feeds-rw:
+    type: azure-devops-access-token
+    parameters:
+      domainAccountName: dn-bot
+      domainAccountSecret:
+          location: helixkv
+          name: dn-bot-account-redmond
+      name: dn-bot-dnceng-artifact-feeds
+      organization: dnceng
+
+  dn-bot-dnceng-universal-packages-rw:
+    type: azure-devops-access-token
+    parameters:
+      domainAccountName: dn-bot
+      domainAccountSecret:
+          location: helixkv
+          name: dn-bot-account-redmond
+      name: dn-bot-dnceng-universal-packages
+      organization: dnceng
+
+  dn-bot-all-orgs-artifact-feeds-rw:
+    type: azure-devops-access-token
+    parameters:
+      domainAccountName: dn-bot
+      domainAccountSecret:
+          location: helixkv
+          name: dn-bot-account-redmond
+      name: dn-bot-all-orgs-artifact-feeds
+      organization: dnceng
+
+  #DotNet-Symbol-Server-Pats
+  microsoft-symbol-server-pat:
+    type: azure-devops-access-token
+    parameters:
+      domainAccountSecret:
+          location: helixkv
+          name: dn-bot-account-redmond
+      name: microsoft-symbol-server-pat
+      organization: dnceng
+
+  symweb-symbol-server-pat:
+    type: azure-devops-access-token
+    parameters:
+      domainAccountSecret:
+          location: helixkv
+          name: dn-bot-account-redmond
+      name: dn-symweb-symbol-server-pat
+      organization: dnceng

.vault-config/product-builds-helixprodkv.yaml

@@ -0,0 +1,11 @@
+storageLocation:
+  type: azure-key-vault
+  parameters:
+    subscription: 68672ab8-de0c-40f1-8d1b-ffb20bd62c0f
+    name: HelixProdKV
+
+secrets:
+  HelixApiAccessToken:
+    type: helix-access-token
+    parameters:
+      environment: helix.dot.net

.vault-config/product-builds-netsourceindexvault.yaml

@@ -0,0 +1,20 @@
+storageLocation:
+  type: azure-key-vault
+  parameters:
+    subscription: a4fc5514-21a9-4296-bfaf-5c7ee7fa35d1
+    name: netsourceindexvault
+
+secrets:
+  source-dot-net-stage1-connection-string:
+    type: azure-storage-connection-string
+    parameters:
+      subscription: a4fc5514-21a9-4296-bfaf-5c7ee7fa35d1
+      account: netsourceindexstage1
+
+  #source-dot-net stage1 variables
+  source-dot-net-stage1-blob-container-url:
+    type: azure-storage-container-sas-uri
+    parameters:
+      connectionString: source-dot-net-stage1-connection-string
+      permissions: racwdl
+      container: stage1