GenericDisplayName

Reputation: 463

Azure DevOps accessing two Key Vaults with duplicate secret names

I currently have an Azure build pipeline that needs to access two different Key Vaults. Unfortunately, both of the secrets I am trying to access have a name of SQLUserName. I am trying to pass these as arguments to a Python script. I am looking for a way that I could qualify or differentiate between the secrets when passing the arguments.

Ideally I would like to access the variable qualified something like $(ServiceConnection1.SQLUserName), but I can't find any information on this.

I have been researching a way to rename a variable so I could possibly run the first Key Vault task, then rename $(SQLUserName) to $(SQLUserNamefoo), then run the second Key Vault task and rename $(SQLUserName) to $(SQLUserNamebar). I can't seem to find any way to rename a variable in YML.

trigger:
- main

pool:
  vmImage: 'ubuntu-latest'
strategy:
  matrix:
    Python37:
      python.version: '3.7'

steps:
- task: AzureKeyVault@1
  inputs:
    azureSubscription: 'ServiceConnection1' 
    KeyVaultName: 'Vault1'
    SecretsFilter: '*'
    RunAsPreJob: true
- task: AzureKeyVault@1
  inputs:
    azureSubscription: 'ServiceConnection2'
    KeyVaultName: 'Vault2'
    SecretsFilter: '*'
    RunAsPreJob: true

- task: UsePythonVersion@0
  inputs:
    versionSpec: '$(python.version)'
  displayName: 'Use Python $(python.version)'

- script: |
    python -m pip install --upgrade pip
    pip install -r requirements.txt
  displayName: 'Install dependencies'

- task: PythonScript@0
  inputs:
      scriptSource: 'filePath'
      scriptPath: 'keyVaultTest.py'
      arguments: '$(SQLUserName)'
      # ideal way to work:
      # arguments: '$(SQLUserName1) $(SQLUserName2)'

Upvotes: 1

Views: 1560

Answers (1)

Leo Liu

Reputation: 76770

Azure DevOps accessing two Key Vaults with duplicate secret names

We could add an inline PowerShell task with a logging command to set the variable SQLUserNamefoo with the value $(SQLUserName) after the first AzureKeyVault task.

Write-Host ("##vso[task.setvariable variable=SQLUserNamefoo]$(SQLUserName)")

Then we could use the $(SQLUserNamefoo) in the next tasks.

And we could add another inline PowerShell task to set the variable SQLUserNamebar with the value $(SQLUserName) after the second AzureKeyVault task:

Write-Host ("##vso[task.setvariable variable=SQLUserNamebar]$(SQLUserName)")

As a test, I created a Key Vault SQLUserName with value Leotest. In order to verify that SQLUserNamefoo is set to $(SQLUserName), I defined SQLUserNamefoo in the Variables with value 123:


And I added another PowerShell task to output the value of SQLUserNamefoo to a txt file to verify it:

cd $(System.DefaultWorkingDirectory)

New-Item $(System.DefaultWorkingDirectory)\temp -type directory

cd temp

New-Item a.txt -type file

write-output $(SQLUserNamefoo)| out-file -filepath $(System.DefaultWorkingDirectory)\temp\a.txt

The result of txt file:


Upvotes: 2
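
Added example, not part of the original question or answer: the rename approach from the answer written out as the steps section of the pipeline, using bash steps because the pool is ubuntu-latest. It assumes RunAsPreJob is false so that each Key Vault task runs in step order with its rename step directly after it (with pre-job execution both vaults are read before any step runs, and the second value replaces the first). It also narrows SecretsFilter to the one secret and adds issecret=true so the copies remain secret variables. VAULT_VALUE is a hypothetical environment variable name.

```yaml
steps:
- task: AzureKeyVault@1
  inputs:
    azureSubscription: 'ServiceConnection1'
    KeyVaultName: 'Vault1'
    SecretsFilter: 'SQLUserName'   # fetch only the secret that is needed, not '*'
    RunAsPreJob: false             # assumption: run in step order, not before the job

# Copy Vault1's value to a new name before the second vault overwrites $(SQLUserName).
- bash: echo "##vso[task.setvariable variable=SQLUserNamefoo;issecret=true]$VAULT_VALUE"
  displayName: 'Keep Vault1 SQLUserName as SQLUserNamefoo'
  env:
    VAULT_VALUE: $(SQLUserName)    # secret variables are not exported to scripts unless mapped here

- task: AzureKeyVault@1
  inputs:
    azureSubscription: 'ServiceConnection2'
    KeyVaultName: 'Vault2'
    SecretsFilter: 'SQLUserName'
    RunAsPreJob: false

# $(SQLUserName) now holds Vault2's value; copy it under its own name as well.
- bash: echo "##vso[task.setvariable variable=SQLUserNamebar;issecret=true]$VAULT_VALUE"
  displayName: 'Keep Vault2 SQLUserName as SQLUserNamebar'
  env:
    VAULT_VALUE: $(SQLUserName)

- task: UsePythonVersion@0
  inputs:
    versionSpec: '$(python.version)'
  displayName: 'Use Python $(python.version)'

- task: PythonScript@0
  inputs:
    scriptSource: 'filePath'
    scriptPath: 'keyVaultTest.py'
    # Both values are available under distinct names and are still masked in logs.
    arguments: '$(SQLUserNamefoo) $(SQLUserNamebar)'
```

Without issecret=true the copied value becomes an ordinary pipeline variable, which is exported to the environment of every later script step in the job.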
