diff --git a/eng/common/pipelines/templates/steps/set-vcpkg-cache-vars.yml b/eng/common/pipelines/templates/steps/set-vcpkg-cache-vars.yml
new file mode 100644
index 000000000000..7ba4d9018875
--- /dev/null
+++ b/eng/common/pipelines/templates/steps/set-vcpkg-cache-vars.yml
@@ -0,0 +1,19 @@
+steps:
+  - pwsh: |
+      Write-Host "Setting vcpkg cache variables for read only access to vcpkg binary and asset caches"
+      Write-Host '##vso[task.setvariable variable=VCPKG_BINARY_SOURCES_SECRET;issecret=true;]clear;x-azcopy,https://azuresdkartifacts.blob.core.windows.net/public-vcpkg-container,read'
+      Write-Host '##vso[task.setvariable variable=X_VCPKG_ASSET_SOURCES_SECRET;issecret=true;]clear;x-azurl,https://azuresdkartifacts.blob.core.windows.net/public-vcpkg-container,,read'
+    displayName: Set vcpkg variables
+
+  - ${{if eq(variables['System.TeamProject'], 'internal') }}:
+    - task: AzurePowerShell@5
+      displayName: Set Vcpkg Write-mode Cache
+      inputs:
+        azureSubscription: 'Azure SDK Artifacts'
+        ScriptType: FilePath
+        ScriptPath: eng/common/scripts/Set-VcpkgWriteModeCache.ps1
+        azurePowerShellVersion: LatestVersion
+        pwsh: true
+      # This step is idempotent and can be run multiple times in cases of
+      # failure and partial execution.
+      retryCountOnTaskFailure: 3
diff --git a/eng/common/scripts/Set-VcpkgWriteModeCache.ps1 b/eng/common/scripts/Set-VcpkgWriteModeCache.ps1
new file mode 100755
index 000000000000..51bfab05c22a
--- /dev/null
+++ b/eng/common/scripts/Set-VcpkgWriteModeCache.ps1
@@ -0,0 +1,22 @@
+#!/bin/env pwsh
+param(
+  [string] $StorageAccountName = 'azuresdkartifacts',
+  [string] $StorageContainerName = 'public-vcpkg-container'
+)
+
+$ctx = New-AzStorageContext `
+  -StorageAccountName $StorageAccountName `
+  -UseConnectedAccount
+
+$vcpkgBinarySourceSas = New-AzStorageContainerSASToken `
+  -Name $StorageContainerName `
+  -Permission "rwcl" `
+  -Context $ctx `
+  -ExpiryTime (Get-Date).AddHours(1)
+
+# Ensure redaction of SAS tokens in logs
+Write-Host "##vso[task.setvariable variable=VCPKG_BINARY_SAS_TOKEN;issecret=true;]$vcpkgBinarySourceSas"
+
+Write-Host "Setting vcpkg binary cache to read and write"
+Write-Host "##vso[task.setvariable variable=VCPKG_BINARY_SOURCES_SECRET;issecret=true;]clear;x-azcopy-sas,https://$StorageAccountName.blob.core.windows.net/$StorageContainerName,$vcpkgBinarySourceSas,readwrite"
+Write-Host "##vso[task.setvariable variable=X_VCPKG_ASSET_SOURCES_SECRET;issecret=true;]clear;x-azurl,https://$StorageAccountName.blob.core.windows.net/$StorageContainerName,$vcpkgBinarySourceSas,readwrite"