VSTS secrets as environment variables

1

7

In the VSTS build, I set various variables (Edit build -> Variables tab), some I set as secret (click the lock), some I don't.

In the build, I run a command prompt task to run set -- e.g. show me all the environment variables. Those marked as secret aren't present.

How do I get VSTS secrets into environment variables?

Echoism answered 1/5, 2018 at 1:30 Comment(2)
Possible duplicate of How to add secret variable as task environment variable in VSTS - Cholecalciferol
And my answer can be found on that question: https://mcmap.net/q/753605/-how-to-add-secret-variable-as-task-environment-variable-in-vsts - Cholecalciferol
12

Secret variables are:

  • Encrypted at rest with a 2048-bit RSA key.
  • Not returned back to the client. They are automatically masked out of any log output from the build or release.
  • Not decrypted into environment variables. So scripts and programs run by your build steps are not given access by default.
  • Decrypted for access by your build steps. So you can use them in password arguments and also pass them explicitly into a script or a program from your build step (for example as $(password)).

So, Secure variables need to be passed in to tasks as inputs. Check this case: How to add secret variable as task environment variable in VSTS

Stilly answered 1/5, 2018 at 8:39 Comment(2)
So my task would need to take %SECURE% in as an arg, then within the task set SECURE=%SECURE% to re-form it as an env var? (I'm trying to pass secure configs into dotnet test. Arguments of mocking these details aside.) - Echoism
Is there any way to enumerate them and update the VSTS step as the pipeline is being executed? This works okay when you have 1 or 2 variables, but managing 20 becomes ridiculously tedious. - Schick
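
An added example, not part of the original question or answers: a small wrapper that takes secrets passed explicitly as NAME=VALUE arguments, as the answer describes, and puts them in the environment of one child command only. The file name with_secrets.py and the task arguments `SECURE=$(SECURE) -- dotnet test` are assumptions for illustration.

```python
import os
import re
import subprocess
import sys

NAME_RE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")
UNEXPANDED_RE = re.compile(r"^\$\(.+\)$")  # macro the build left as-is


def split_args(argv):
    """Split ['A=1', 'B=2', '--', 'cmd', 'arg'] into (pairs, command)."""
    if "--" not in argv:
        raise ValueError("usage: NAME=VALUE ... -- command [args]")
    cut = argv.index("--")
    return argv[:cut], argv[cut + 1:]


def build_child_env(pairs, base_env):
    """Return a copy of base_env with each NAME=VALUE pair added."""
    env = dict(base_env)
    for pair in pairs:
        name, sep, value = pair.partition("=")
        if not sep or not NAME_RE.match(name):
            # Never echo the pair itself: it may contain a secret value.
            raise ValueError("bad variable name in argument")
        if not value or UNEXPANDED_RE.match(value):
            # An undefined variable reaches the script as the literal $(NAME).
            raise ValueError(f"{name} is empty or was not expanded")
        env[name] = value
    return env


def run_with_secrets(argv, base_env=None):
    """Run the command after '--' with the secrets in its environment only."""
    pairs, command = split_args(argv)
    if not command:
        raise ValueError("no command given after --")
    env = build_child_env(pairs, os.environ if base_env is None else base_env)
    # The wrapper's own environment is left untouched; only the child sees them.
    return subprocess.run(command, env=env).returncode


if __name__ == "__main__":
    try:
        sys.exit(run_with_secrets(sys.argv[1:]))
    except ValueError as err:
        sys.exit(f"with_secrets: {err}")
```

Values passed this way are visible in the agent's process list while the wrapper runs, so keep the list to the secrets the child command actually needs.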
