@FH-Inway
Created November 24, 2024 12:24
detect-secrets: 🐛 scan result has wrong line number, audit seems to use another wrong line number
{
"version": "1.5.0",
"plugins_used": [
{
"name": "ArtifactoryDetector"
},
{
"name": "AWSKeyDetector"
},
{
"name": "AzureStorageKeyDetector"
},
{
"name": "Base64HighEntropyString",
"limit": 4.5
},
{
"name": "BasicAuthDetector"
},
{
"name": "CloudantDetector"
},
{
"name": "DiscordBotTokenDetector"
},
{
"name": "GitHubTokenDetector"
},
{
"name": "GitLabTokenDetector"
},
{
"name": "HexHighEntropyString",
"limit": 3.0
},
{
"name": "IbmCloudIamDetector"
},
{
"name": "IbmCosHmacDetector"
},
{
"name": "IPPublicDetector"
},
{
"name": "JwtTokenDetector"
},
{
"name": "KeywordDetector",
"keyword_exclude": ""
},
{
"name": "MailchimpDetector"
},
{
"name": "NpmDetector"
},
{
"name": "OpenAIDetector"
},
{
"name": "PrivateKeyDetector"
},
{
"name": "PypiTokenDetector"
},
{
"name": "SendGridDetector"
},
{
"name": "SlackDetector"
},
{
"name": "SoftlayerDetector"
},
{
"name": "SquareOAuthDetector"
},
{
"name": "StripeDetector"
},
{
"name": "TelegramBotTokenDetector"
},
{
"name": "TwilioKeyDetector"
}
],
"filters_used": [
{
"path": "detect_secrets.filters.allowlist.is_line_allowlisted"
},
{
"path": "detect_secrets.filters.common.is_ignored_due_to_verification_policies",
"min_level": 2
},
{
"path": "detect_secrets.filters.heuristic.is_indirect_reference"
},
{
"path": "detect_secrets.filters.heuristic.is_likely_id_string"
},
{
"path": "detect_secrets.filters.heuristic.is_lock_file"
},
{
"path": "detect_secrets.filters.heuristic.is_not_alphanumeric_string"
},
{
"path": "detect_secrets.filters.heuristic.is_potential_uuid"
},
{
"path": "detect_secrets.filters.heuristic.is_prefixed_with_dollar_sign"
},
{
"path": "detect_secrets.filters.heuristic.is_sequential_string"
},
{
"path": "detect_secrets.filters.heuristic.is_swagger_file"
},
{
"path": "detect_secrets.filters.heuristic.is_templated_secret"
}
],
"results": {
"pipeline-golden-database-backup.yml": [
{
"type": "Secret Keyword",
"filename": "pipeline-golden-database-backup.yml",
"hashed_secret": "097a7515c83eca8ad9c32a60a99b19b32a2d7af3",
"is_verified": false,
"line_number": 37
}
]
},
"generated_at": "2024-11-24T12:24:05Z"
}
# Backs up the Golden environment database.
# Steps, in order:
#   1. Retrieve the Azure storage account key with the Azure CLI.
#   2. Run Pipelines/Scripts/database-backup.ps1 on the VM, handing it
#      that key.
# No credential is written in this file: the key is read at run time, and
# the other $(...) values are not defined here (presumably they come from
# the GOLDEN-DB-Backup variable group - confirm).

# No CI trigger: pushes do not start this pipeline.
trigger: none

parameters:
  # Target of the deployment job below.
  - name: DevOpsEnvironment
    displayName: Azure DevOps Environment
    type: string
    default: Environment.resource
  # Passed to the backup script as -environment.
  - name: BackupEnvironmentName
    displayName: Backup Environment Name
    type: string
    default: GOLDEN

variables:
  - group: GOLDEN-DB-Backup

jobs:
  - deployment:
    displayName: 'Backup ${{ parameters.DevOpsEnvironment }} DB'
    environment: '${{ parameters.DevOpsEnvironment }}'
    strategy:
      runOnce:
        deploy:
          steps:
            - checkout: self

            - task: AzureCLI@2
              name: storageKeyTask
              displayName: Fetch Storage Account Key
              inputs:
                azureSubscription: '$(AZBackupServiceConnection)'
                scriptType: ps
                scriptLocation: inlineScript
                # Reads the value of the first key ([0]) of the storage
                # account and publishes it as the variable storageSecretKey.
                # issecret=true marks that variable as secret, so the agent
                # masks its value in the logs.
                # NOTE(review): no --output is passed, so the CLI's default
                # output format decides whether the value carries JSON
                # quotes - confirm the backup script receives the bare key.
                inlineScript: |
                  $storageKey = az storage account keys list -g $(StorageAccountResourceGroup) -n $(StorageAccount) --query [0].value
                  echo "##vso[task.setvariable variable=storageSecretKey;issecret=true]$storageKey"

            - task: PowerShell@2
              displayName: Run backup script
              inputs:
                filePath: Pipelines/Scripts/database-backup.ps1
                # Folded scalar: the lines below are joined with single
                # spaces into one argument string.
                # NOTE(review): $(storageSecretKey) is expanded into the
                # script's command line. Command-line arguments can surface
                # in process listings and command logging on the agent;
                # mapping the secret through the task's env: block and
                # reading it from the environment inside the script avoids
                # that, but needs a matching change in database-backup.ps1
                # (not shown here).
                arguments: >-
                  -storageAccount $(StorageAccount)
                  -blobContainer $(BlobContainer)
                  -instanceName $(InstanceName)
                  -databaseName $(DatabaseName)
                  -storageKey $(storageSecretKey)
                  -environment ${{ parameters.BackupEnvironmentName }}