Reputation: 391
Unable to read VSTS Online release variables
I'm working with VSTS environment variables and stuck with variables of a secret type.
I'm using POSH script (file) to generate a variable (in fact, to obtain the value from Azure Key Vault and the set this value to the variable):
# Add as a script parameter during the release step
-ResourceGroupNameArg "$(ResourceGroupName)" -KeyVaultNameArg "$(KeyVaultName)" -KeyVaultSecretNameArg "$(KeyVaultSecretName)"
# The script itself
Param(
[string]$ResourceGroupNameArg,
[string]$KeyVaultNameArg,
[string]$KeyVaultSecretNameArg
)
<...>
$secret = Get-AzureKeyVaultSecret -VaultName $KeyVaultNameArg -Name $KeyVaultSecretNameArg
$secretValue = $secret.SecretValueText
Write-Host "##vso[task.setvariable variable=SQLAdministratorPassword;issecret=true]$secretValue"
Here I can pass to the script different KeyVault names (according to my needs) - by substituting the $KeyVaultNameArg and $KeyVaultSecretNameArg variables.
For any other variables configured using ##vso[task.setvariable variable= I am able to retrieve them using the construction $env:DatabaseName (for example in another POSH script) or $(DatabaseName) in agent phase step (using Hosted 2017 agent).
However, for the issecret=true variable or even for a manually created variable I'm unable to retrieve its values during the release deployment process.
According to this article,
The values of hidden (secret) variables are stored securely on the server and cannot be viewed by users after they are saved. During a deployment, the Release Management service decrypts these values when referenced by the tasks and passes them to the agent over a secure HTTPS channel.
So IMO the variables should be accessible for the script (or even agent phase step) despite they are secret.
Upvotes: 2
Views: 471
Answers (1)
Reputation: 33738
Refer to these steps to do it:
- Click Library tab
- Click + Variable group
- Specify variable group name
- Enable Link secrets for an Azure Key vault as variables and link Azure key vault
- Click +Add to add necessary secret(s)
- Edit release definition
- Choose Variables tab
- Select Variable groups
- Click Link variable group to link that variable group
- Using the related variable directly in release task (
$(variable name))
Upvotes: 0
Related Questions
- VSTS Release error: A parameter cannot be found that matches parameter name 'Server'
- Azure Powershell secure secret value
- VSTS Powershell Secret Variable
- Not able to print the Azure-Keyvault secret in the release pipeline
- How to use Azure KeyVault Secrets in AzureDevOps as varibles in CI/CD Definitions?
- Powershell Access Azure DevOps Secret Variables
- VSTS: Cannot change value of a user defined variable in release
- Unable to access Azure Key vault secret in a powershell script running on Azure Devops
- VSTS Release - 'runtime' replacement of Environment Variable
- Powershell script running in vsts release not recognizing environment variables