Reputation: 2629
I'm using the AzureKeyVault task to retrieve a secret from the Key Vault. The name of the secret is StorageAccountKey. This name is stored in the variable KeyName. I do it like that:
- task: AzureKeyVault@1
  displayName: 'Get key'
  name: GetKey
  inputs:
    azureSubscription: '${{ parameters.azureSubscription }}'
    KeyVaultName: '$(KeyVaultName)'
    SecretsFilter: '$(KeyName)'
Now, in a subsequent task, I would like to access the secret. How would I do that, given that the name of the secret is itself stored in a variable? The following seems not to work
- task: Bash@3
  displayName: Create container
  inputs:
    targetType: 'inline'
    script: |
      az storage container create \
      --name raw \
      --account-name storageaccountname \
      --account-key $($(dataLakeAccountKeyKeyName))
    failOnStderr: true
I'm getting the error
/mnt/azp/azp-linux1_5/_temp/6719378a-b3ee-45d8-aad8-4f6a5e8b581e.sh: line 1: StorageAccountKey: command not found
ERROR: az storage container create: error: argument --account-key: expected one argument
So, it does seem to resolve the inner variable but still fails.
Upvotes: 3
Views: 1393
Reputation: 1
Not sure you got the answer for the question, but yes, if you know the Key Vault's key name is StorageAccountKey, then when the Key Vault task has finished, just use the variable $(StorageAccountKey) directly from the PowerShell script.
az storage container create \
--name raw \
--account-name storageaccountname \
--account-key $(StorageAccountKey)
Or, I am not sure if it's feasible, as sometimes it does not allow the same syntax to be executed. Maybe try this if you insist on using a variable, assuming the variable keyname is the secret key that presents the string value storageaccountkey:
az storage container create \
--name raw \
--account-name storageaccountname \
--account-key $((Get-Variable -name $KeyName).Value)
As this was tested in a sample PowerShell program:
$mm = 'bb'
$bb = "aa"
Write-Output "$((Get-Variable -name $mm).Value)"
The output result is aa for the above code.
Upvotes: 0
Reputation: 1151
Try using:
--account-key $(StorageAccountKey)
From "Azure Key Vault task" documentation:
"Values are retrieved as strings. For example, if there is a secret named connectionString, a task variable connectionString is created with the latest value of the respective secret fetched from Azure key vault. This variable is then available in subsequent tasks."
So if you access a secret named "StorageAccountKey" in Azure Key Vault, then Azure DevOps creates a variable called "StorageAccountKey" from it.
Upvotes: 0
Reputation: 63
I also struggled to get this done and this has worked for me:
steps:
- task: AzureKeyVault@1
  inputs:
    azureSubscription: ${{ parameters.azureSubscription }}
    KeyVaultName: ${{ parameters.azureKeyVaultName }}
    SecretsFilter: '*'
    RunAsPreJob: true
- bash: |
    #I can now use ${GCP_CREDS}
  displayName: GCP auth
  env:
    GCP_CREDS: $(${{ parameters.azureKeyVaultCredentailsKey }})
Upvotes: 3
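The error from the question, and a fail-closed way to look up a secret by name inside the Bash step, as an added example that is not part of any post above. It assumes the step's env: block maps the secret into the environment under its Key Vault name; the helper names and the sample key are constructed.

```shell
#!/bin/sh
# Added example; helper names and sample values are constructed.

# Stand-in for `az ...`: prints how many arguments it received.
count_args() { echo "$#"; }

# If the literal text $(StorageAccountKey) survives into the script, the
# shell reads it as command substitution: it tries to run a command with
# that name, fails, and substitutes nothing, so --account-key has no value.
leftover_macro_argc() {
    { count_args --account-key $(StorageAccountKey); } 2>/dev/null
}

# Resolve a secret whose environment-variable name is held in another
# variable. The name is validated before eval so it cannot inject code,
# and an unset or empty secret fails closed without printing a value.
secret_from_env() {
    name=$1
    case $name in
        ''|[!A-Za-z_]*|*[!A-Za-z0-9_]*)
            echo "invalid variable name" >&2
            return 2 ;;
    esac
    eval "value=\${$name-}"
    if [ -z "$value" ]; then
        echo "secret variable $name is not set" >&2
        return 1
    fi
    printf '%s' "$value"
}

# Constructed sample values, not real credentials. In a pipeline these
# would arrive through the step's env: mapping (assumption).
StorageAccountKey='constructed-sample-key=='
KeyName='StorageAccountKey'
export StorageAccountKey

if key=$(secret_from_env "$KeyName"); then
    # az storage commands read the key from AZURE_STORAGE_KEY, which keeps
    # it off the command line and out of the generated script file.
    AZURE_STORAGE_KEY=$key
    export AZURE_STORAGE_KEY
fi
```
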