---
title: "Fortanix DSM with Azure DevOps"
slug: "fortanix-dsm-with-azure-devops"
updated: 2026-06-11T09:22:17Z
published: 2026-06-11T09:22:17Z
canonical: "support.fortanix.com/fortanix-dsm-with-azure-devops"
---

> ## Documentation Index
> Fetch the complete documentation index at: https://support.fortanix.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Fortanix DSM with Azure DevOps

## 1.0 Introduction

This article describes how to integrate**Fortanix-Data-Security-Manager (DSM)**with **Azure DevOps** to securely access secrets within Azure DevOps pipelines.

Azure DevOps is an end-to-end development platform that helps organize and accelerate software delivery across the application lifecycle. To securely manage secrets in Azure DevOps pipelines, a reliable secret management solution is required.

## 2.0 Prerequisites

Before proceeding with the integration, ensure the following prerequisites are met:

- An Azure DevOps organization should be configured as explained in the [*Azure DevOps official documentation*](https://learn.microsoft.com/en-us/azure/devops/get-started/?view=azure-devops).
- Fortanix DSM must be accessible. *For more information, refer to*[*Section 5.1: Signing Up*](/v1/docs/fortanix-dsm-with-azure-devops#51-signing-up)**and**[*Section 5.2: Creating an Account*](/v1/docs/fortanix-dsm-with-azure-devops#52-creating-an-account).
- The secrets should be stored in the Fortanix DSM account.

## 3.0 Product Tested Version

The following product versions were tested:

- Fortanix DSM version 5.6.2930 or later.
- Node.js version 20 or later.
- Azure Pipelines version 2.2.8
- TypeScript version 5.9.3
- @types/node version 25.4.0
- tfx CLI version 0.23.1

## 4.0 Architecture Diagram

![](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/fortanix-dsm-with-azure-devops-image-o09gsc42.png)

**Figure 1: Architecture diagram**

Users initiate Azure DevOps pipelines to execute automated workflows. During pipeline execution, the pipeline retrieves a Fortanix API key from an environment variable, which is stored as a secret to authenticate securely.

Using this API key, the pipeline communicates with Fortanix DSM to fetch the required secret. The retrieved secret is used within the pipeline runtime and can be consumed by Azure applications, ensuring secure access and management of sensitive data throughout the workflow.

## 5.0 Configure Fortanix DSM

A Fortanix DSM service must be configured, and the URL must be accessible. To create a Fortanix DSM account and group, refer to the following sections:

### 5.1 Signing Up

To get started with the Fortanix DSM cloud service, you must register an account at <Your_DSM_Service_URL>. For example, [https://amer.smartkey.io](https://amer.smartkey.io). On-premises customers use the KMS URL, and the SaaS customers can use the URLs as listed [*here*](https://support.fortanix.com/hc/en-us/articles/4406135346068-Fortanix-DSM-SaaS-Global-Availability-Map) based on the application region.

*For more information on how to set up the Fortanix DSM, refer to*[*Sign Up for Fortanix Data Security Manager SaaS*](https://support.fortanix.com/docs/users-guide-sign-up-for-fortanix-data-security-manager-saas)*.*

### 5.2 Creating an Account

Access <Your_DSM_Service_URL> in a web browser and enter your credentials to log in to Fortanix DSM.

![A screenshot of a login screen  AI-generated content may be incorrect.](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/fortanix-dsm-with-azure-devops-image-9vry4fxd.png)

**Figure 2: Logging In**

*For more information on how to set up an account in Fortanix DSM, refer to*[*Getting Started with Fortanix DSM - UI*](https://support.fortanix.com/docs/users-guide-getting-started-with-fortanix-data-security-manager-ui#30-setting-up-an-account)*.*

### 5.3 Creating a Group

Perform the following steps to create a group in the Fortanix DSM:

1. In the DSM left navigation panel, click the **Groups**menu item, and then click **ADD GROUP** to create a new group.

![](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/fortanix-dsm-with-azure-devops-image-o6xzvm5g.png)

**Figure 3: Add a group**
2. On the **Adding new group** page:
  1. **Title**: Enter a name for your group.
  2. **Description**(optional): Enter a short description of the group.
3. Click **SAVE** to create the new group.

The new group is added to the Fortanix DSM successfully.

### 5.4 Creating an Application

Perform the following steps to create an application (app) in the Fortanix DSM:

1. In the DSM left navigation panel, click the **Apps**menu item, and then click **ADD APP** to create a new app.

![](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/fortanix-dsm-with-azure-devops-image-64p6s4fd.png)

**Figure 4: Add an application**
2. On the **Adding new app** page:
  1. **App name:**Enter the name for your application.
  2. **ADD DESCRIPTION**(optional): Enter a short description of the application.
  3. **Authentication method:**Select the default **API Key** as the authentication method from the drop down menu. *For more information on these authentication methods, refer to*[*Authentication*](https://support.fortanix.com/hc/en-us/articles/360033272171-User-s-Guide-Authentication)*.*
  4. **Assigning the new app to groups:**Select the group created in [*Section 5.3: Creating a Group*](/v1/docs/fortanix-dsm-with-azure-devops#53-creating-a-group)from the list.
3. Click **SAVE** to add the new application.

The new application is added to the Fortanix DSM successfully.

### 5.5 Copying the API Key

Perform the following steps to copy the API key from the Fortanix DSM:

1. In the DSM left navigation panel, click the **Apps**menu item, and then click the app created in [*Section 5.4: Creating an Application*](/v1/docs/fortanix-dsm-with-azure-devops#54-creating-an-application) to go to the detailed view of the app.
2. On the **INFO** tab, click **VIEW API KEY DETAILS**.
3. From the **API Key Details** dialog box, copy the **API Key** of the app to retrieve the Azure DevOps secret as described in [*Section 6.2: Configure and Test the Extension in Pipelines*](/v1/docs/fortanix-dsm-with-azure-devops#65-configure-and-test-the-extension-in-pipelines).

### 5.6 Importing a Security Object

Perform the following steps to import security objects in the Fortanix DSM:

1. In the DSM left navigation panel, click the **Security Objects**menu item, and then click **ADD SECURITY OBJECT** to create a new security object.

![](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/Add-SO(1).png)

**Figure 5: Adding a security object**
2. On the **Add new Security Object**page:
  1. **Security Object Name**: Enter a name for your security object.
  2. **Group**: Select the group as created in [*Section 5.3: Creating a Group*](/v1/docs/fortanix-dsm-with-azure-devops#53-creating-a-group).
  3. Select **IMPORT**.
  4. In the **Choose a type** section, select the **Secret** key type.
  5. In the **Place value here or import from file**section, select the value format type as **Text** only and enter the object value (For example, **ADO-object**).
  6. In the **Key operations permitted**section, select the required operations to define the actions that can be performed with the cryptographic keys, such as encryption, decryption, signing, and verifying, except **EXPORT**.
3. Click **IMPORT**to create the new security object.

The new security object is added to the Fortanix DSM successfully.

## 6.0 Integration Steps

Refer to the following sections for the integration steps:

### 6.1 Install the Extension

Perform the following steps to install the extension:

1. Log in to Azure DevOps.
2. Navigate to [Fortanix-Secret-Management](https://marketplace.visualstudio.com/items?itemName=Fortanix.Fortanix-Secret-Management).
3. Click **Get it free**.

![](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/Azure devops 1.png)

**Figure 6: Get it free**
4. Select an Azure DevOps organization.
5. Click **Install** to install the organization.

![](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/Azure devops 2.png)

**Figure 7: Install the Organization**

### 6.2 Configure and Test the Extension in Pipelines

Perform the following steps:

1. Navigate to your Azure DevOps organization. (`https://dev.azure.com/&lt;organization_name&gt;`).
2. Select **Projects** tab, and then click **+ New project**.

![](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/Azure devops 3.png)

**Figure 8: Create a new project**
3. Enter the project details and create the project.
4. Navigate to **Pipelines** and click **Create Pipeline** to add a new pipeline.
5. Configure your repository to store the pipeline YAML file.

![](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/Azure devops 4.png)

**Figure 9: Configure the repository**
6. Export the following Environment Variables:

![](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/Azure devops 5.png)

**Figure 10: Export the variables**

Ensure that the **Keep the value secret**check box is enabled.
  - `FORTANIX_API_ENDPOINT` (For example, **amer.smartkey.io**)
  - `FORTANIX_API_KEY` (Fortanix application API Key as obtained in [*Section 5.5: Copying the API Key*](/v1/docs/fortanix-dsm-with-azure-devops#55-copying-the-api-key).)
7. Configure **Fortanix-Secret-Management** Task:
  1. In the pipeline editor, navigate to **Tasks** (under the **Review** tab).
  2. Search for **Fortanix**.
  3. Select **Fortanix-Secret-Management** task.
  4. Enter the following values and click **Add**.

![](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/Azure devops 6.png)

**Figure 11: Add the variables**

The variables are added successfully.

![](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/Azure devops 7.png)

**Figure 12: Variables added to Pipeline**
    - `FORTANIX_API_ENDPOINT`: Obtain it from the environment variable`$(FORTANIX_API_ENDPOINT)`.
    - `FORTANIX_API_KEY`: Obtain it from the environment variable `$(FORTANIX_API_KEY)`.
    - `FORTANIX_SECURITY_OBJECT_NAME`: Specifies the name of the security object generated in [*Section 5.6: Importing a Security Object*](/v1/docs/fortanix-dsm-with-azure-devops#56-importing-a-security-object).
    - `FORTANIX_SECURITY_OBJECT`: Exports the security object to this variable as a secret.
  5. Click **Save and run** to run the pipeline. Ensure the pipeline runs successfully.

![](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/Azure%20Devops%20Step%205.png)

**Figure 13: Completion of the task**

Fortanix Data Security Manager (DSM) is the world’s first cloud service secured with Intel® SGX. With Fortanix DSM, you can securely generate, store, and use cryptographic keys and certificates, as well as other secrets such as passwords, API keys, tokens, or any blob of data. Your business-critical applications and containers can integrate with Fortanix DSM using legacy cryptographic interfaces (PKCS#11, CNG, and JCE) or using the native Fortanix DSM RESTful interface.