Help Center

Security

Improvement

Announcement

spacelift

👀 In Review

➡️ Planned

⚙️ In Progress

✅ Completed

❌ Rejected

⬆️ Gathering votes

🗑️ Archived

🔭 Discovery

Access Control

Ansible

Blueprints

CloudFormation

Contexts

UI/UX

Integrations

Stacks

Workers

IaC Workflows

Spaces

Policies

Resources

Filters

Spacectl

Pulumi

Kubernetes

Dashboard

Terraform registry

Terragrunt

Stack Dependencies

Logs

Drift Detection

Spacelift Provider

Notifications

OpenTofu

Helm

OIDC

Observability

Self-hosted

👨‍💻Solutions Eng Requests

👩🏻‍💻Support Requests

Feature Requests Roadmap

Got an idea for a feature request? Let us know! Share your ideas on improving existing features or suggest something new. Vote on ideas you find useful!Make sure to read our <a target="" rel="noopener noreferrer nofollow" class="link" href="https://docs.spacelift.io/product/feature-requests">guidelines</a> before posting 📖

Feature Requests

Hey {name|there}! 👋

Today, we have stack specific secrets that live in Azure Key Vault. To use them in Spacelift, we end up duplicating them into a Spacelift context or stack environment variables, so we have to maintain the same value both in Key Vault and in Spacelift. That creates extra work, increases the chance of drift, and makes rotation harder.What I would like is a native way in Spacelift to reference an external secret store, starting with Azure Key Vault. For example, instead of pasting the value into a context, I want to be able to define something like “this variable comes from Key Vault secret X” and have Spacelift fetch it at runtime using the stack’s identity, service principal, or managed identity.This is similar to how Azure DevOps variable groups can pull from Key Vault, if the identity has access, the secret becomes available as a variable during the run.

External secrets and certificates from Key Vault

hidden

Spacelift

External secrets and certificates from Key Vault

Subscribe to post

Subscribe to post