How to add secret variable as task environment variable in VSTS

Question

This documentation states that secret variables are

Not decrypted into environment variables. So scripts and programs run by your build steps are not given access by default.

One of my build tasks require that an environment variable be set that is stored in a secret variable. Does this mean it's impossible to do this using secret varaibles in VSTS? If not, how do I do this?

For further background, I'm trying to code sign my electron app using electron-builder. It requires that two environment variables be set: CSC_LINK and CSC_KEY_PASSWORD. One of these is the password to a code signing certificate so needs to be kept secure.

Answer 1

When using the YAML-syntax this can be achieved too:

steps:
- script: |
    echo %MYSECRET%
  env:
    MySecret: $(Secret_Variable)

Answer 2

You can supply variables to pass to tasks in the Variables page of the build definition:

Then they can be passed in to a task as an input like so:

Answer 3

Set Environment Variable

Use a Command Line task, like this:

target_environment_variable now contains the value of secret_variable.

Verify

Add a subsequent Command Line task that writes all environment variables to a disk file, like this: (note: in the Arguments text box, write to a folder that both you and build agent can access):

Queue the build definition, then view the file containing the environment variables: