We all know that we shouldn’t put any passwords into our code and check them into source control, but many guides (including my own) often reference a password variable or parameter. The parameter option is actually OK, in my opinion, as long as you then reference a secure password from either an Azure DevOps library, GitHub Secret, or using an Azure key vault. In this post, I want to show you how to reference secrets stored in the Azure key vault and use them in a GitHub action and pass the value to a Bicep deployment.

This is the last part of this blog series, and here I want to show you how to use a JSON configuration file and a PowerShell script to deploy the same environment as you have seen in the first five parts of the series. This deployment type will feel familiar to many consultants since PowerShell is widely used among consultants. This deployment method can ease them into a DevOps mindset. Doing it this way enables flexibility around which part of the code to deploy by using if statements in the PowerShell script.

In this part of the series, I will create two virtual machines and join them in my on-premises domain. These machines will be Citrix Cloud Connectors that will serve my Citrix environment with a new resource location in Azure. The Cloud Connectors will be deployed in an Azure Availability Set to ensure high availability. Source code can be found on my GitHub, find it here . I start with the creation of a new branch for my code, this will be called “VM”.

In this part of the blog series, I want to create the VPN connection from Azure to my on-premises lab environment. As I did in the last part, I will create a new branch in Github for my work. I am doing this to ensure that my main branch is always running without errors. I will call this new branch for “VPN”. The first step is to create the template file for the Virtual Network Gateway in Azure.

I want to create my resource groups and my virtual network in this part of the blog series. To create these resources will use a combination of Bicep files, where I split my code into an execution file with parameters and a generic template file. I am doing this to not limit my options for deploying environments. In fact, the last post in this series will be to deploy the same environment but switching the execution code with a PowerShell script.

In part 1 of the series, I got my GitHub repository set up with a secret containing a service principal for Azure. This setup allows me to create a GitHub actions deployment using the service principal as authentication. In this part, I create the GitHub action to create a resource group in my Azure subscription. GitHub actions are using the YAML format, and for me, this took a bit to get used to, not because it is hard to read and write, but because the indentation is important and coming from PowerShell and JSON, this is new to me.

I want to guide you through the initial setup for GitHub Actions and Bicep in this blog series. If you read my last series on Azure and Terraform, I want to do the same deployment, but this time using the tools mentioned. As this is a getting started guide, I will show all the steps I have taken to set up the deployment and reference the sites I have used to find knowledge.