CODEWITHSUNDEEP
azureazure-devopsazure-pipelines
Vlad
Vlad

Reputation: 63

Azure Devops how to obtain secure variable value in task

I declared connection string on the pipeline variables page as secure but in the pipeline I cannot obtain the value. I have already read related page in docs but it doesn't provide an example when I want to use a value in a task. https://learn.microsoft.com/en-us/azure/devops/pipelines/process/variables?view=azure-devops&tabs=yaml%2Cbatch#secret-variables

The task where I want to get the value you can see below
- task: AzureWebAppContainer@1
        displayName: Deploy to App Service
        inputs:
          azureSubscription: 'free_subscription(id)'
          appName: 'app-service'
          containers: 'containerregistry.azurecr.io/something:$(tag)'
          **WANT TO USE IT HERE**
          appSettings: 'CONNECTION_STRING=$(CONNECTION_STRING)'

$(CONNECTION_STRING) returns empty string

EDIT

Updated code but it doesn't work anyway... connection string is still empty in app settings.

- stage: Deploy
    displayName: Deploy to App Service
    jobs:
    - job: Deploy
      displayName: Deploy
      pool:
        vmImage: ubuntu-latest
      steps:
      - bash: echo "##vso[task.setvariable variable=CONNECTION_STRING]$CONNECTION_STRING"
        displayName: 'Set variable'
      - task: AzureWebAppContainer@1
        displayName: Deploy to App Service
        inputs:
          azureSubscription: 'free_subscription(id)'
          appName: 'app-service'
          containers: 'appnamecontainerregistry.azurecr.io/repository:$(tag)'
          appSettings: |
            [
              {
                "name": "CONNECTION_STRING",
                "value": "$(CONNECTION_STRING)",
                "slotSetting": false
              }
            ]

Upvotes: 2

Views: 3818

Answers (3)

Vlad
Vlad

Reputation: 63

I found 2 solutions that work

By variables section ( I prefer that way)

 variables:
tag: '$(Build.BuildId)'
# Set secret variable to pipeline variable
CONNECTION_STRING_UNSECRET: $(CONNECTION_STRING)

- stage: Deploy
    displayName: Deploy to App Service
    jobs:
    - job: Deploy
      displayName: Deploy
      pool:
        vmImage: ubuntu-latest
      steps:
      - task: AzureWebAppContainer@1
        displayName: Deploy to App Service
        inputs:
          azureSubscription: 'free_subscription(id)'
          appName: 'app-service'
          containers: 'appnamecontainerregistry.azurecr.io/repository:$(tag)'
          appSettings: |
        -CONNECTION_STRING $(CONNECTION_STRING_UNSECRET)

AND by bash script

    - stage: Deploy
            displayName: Deploy to App Service
            jobs:
            - job: Deploy
              displayName: Deploy
              pool:
                vmImage: ubuntu-latest
              steps:
    - bash: |
          echo "##vso[task.setvariable variable=CONNECTION_STRING_UNSECRET]$ 
 CONNECTION_STRING_ENV_VARIABLE"
        displayName: 'Set variable'
        env:
          CONNECTION_STRING_ENV_VARIABLE: $(CONNECTION_STRING)
              - task: AzureWebAppContainer   @1
                displayName: Deploy to App Service
                inputs:
                  azureSubscription: 'free_subscription(id)'
                  appName: 'app-service'
                  containers: 'appnamecontainerregistry.azurecr.io/repository:$(tag)'
                  appSettings: |
                -CONNECTION_STRING $(CONNECTION_STRING_UNSECRET)

Btw if you see "***" value of your variable in console it means your step has read the value successfully.

Thanks @Lance Li-MSFT for the links they really helped me.

Upvotes: 2

LoLance
LoLance

Reputation: 28216

I have already read related page in docs but it doesn't provide an example when I want to use a value in a task.

To use variables defined in script as inputs of next step, you can check Use variables as task inputs. For more details you can check my another issue.

Connection string is still empty in app settings.

As I know the recommended format of appsettings is -key value instead of the json format above. Sample:

          appSettings: |
            -Port 5000 -RequestTimeout 5000 
            -WEBSITE_TIME_ZONE "Eastern Standard Time"

Instead of modifying the ConnectionString in AzureWebAppForContainer task, I suggest using Azure App Service Settings task after your AzureWebAppContainer step to configure the ConnectionString. You can use this format in connectionStrings input of AzureAppServiceSettings to configure what you want:

connectionStrings: |
      [
        {
          "name": "MysqlCredentials",
          "value": "$(MySQl_ConnectionString)",
          "type": "MySql",
          "slotSetting": false
        }
      ]

Upvotes: 0

DreadedFrost
DreadedFrost

Reputation: 2978

You are overlooking this when selecting a secret Pipeline variable: enter image description here

This is referenced here So depending on if your OS is Linux or Windows it would be: Linux: $CONNECTION_STRING Windows: %CONNECTION_STRING%

Upvotes: 2

Related Questions