Reputation: 853
Variable inside variable Azure Pipelines
I have an issue using Azure Vault to store my secrets and .properties file to store the secret name (so it is not hardcoded in the pipeline) and access it later from the Azure DevOps Pipeline: .properties file:
...
SERVER_ADMIN_SECRET_NAME=server-password-test
...
I am using template pipeline which reads the file and exports all key=values as $(property) with corresponding value as a global property (##vso[task.setvariable variable=$KEY]$VAL).
When I call Azure Key Vault, it returns the key name and export variable $(server-password-test) so it can be used later. However, I am unable to access it, because the variable name is the value of another variable $(SERVER_ADMIN_SECRET_NAME). The solution should be using a variable inside variable $($(SERVER_ADMIN_SECRET_NAME)), but this does not work in Azure Pipelines.
My pipeline looks like this:
...
- template: read_properties.yml
parameters:
file: config.properties
- task: AzureKeyVault@1
inputs:
azureSubscription: 'vault-service-connection'
KeyVaultName: 'test-playground'
SecretsFilter: '$(SERVER_ADMIN_SECRET_NAME)'
# TODO : How to fix this??
- task: CmdLine@2
inputs:
script: |
echo $($(SERVER_ADMIN_SECRET_NAME))
...
Diagram:
Upvotes: 6
Views: 16038
Answers (3)
Reputation: 648
Based on the response from @HeyMan. The following works for me
Write-Output "Value: $(SOME-String${{parameters.this}}-${{variables.that}})";
Upvotes: 1
Reputation: 1845
This works for me, see the last line for the clue:
variables:
azureSubscription: 'my-subscription'
azureKeyVault: 'my-keyvault'
testkv: $(SERVER_ADMIN_SECRET_NAME)
jobs:
- job: TestKeyVault
displayName: Key Vault access
continueOnError: true
steps:
- task: AzureKeyVault@1
inputs:
azureSubscription: ${{ variables.azureSubscription }}
KeyVaultName: ${{ variables.azureKeyVault }}
SecretsFilter: ${{ variables.testkv }}
RunAsPreJob: true
- task: CmdLine@2
inputs:
script: 'echo $(${{ variables.testkv }}) > secret.txt'
Upvotes: 2
Reputation: 19361
For this issue , the value of nested variables (like $($(SERVER_ADMIN_SECRET_NAME))) are not yet supported in the pipelines. You can refer to this case to see this point.
The workaround I can think of is adding the Variable Toolbox task to the top of your build steps.
In this task you can set nested variable value for variable.
You can refer to this case for this task.
Upvotes: 9
Related Questions
- Use variables in Azure DevOps Pipeline templates
- Pass variables between Azure pipelines
- Azure Devops - Nested Variables At Runtime
- How to pass variables from one pipeline to another pipeline in azure devops
- Azure DevOps Pipeline - Use previously defined variables in variable definition
- Create variables dynamically in azure pipeline
- Azure DevOps - Set a Build variable using another variable (nested/composed variables)
- Retrive Variable in a variable group using another variable
- Azure DevOPs Pipeline Variable using a variable syntax
- Azure DevOps: Getting variable value by concatenating other variables'value as task input