6

I have an issue using Azure Vault to store my secrets and .properties file to store the secret name (so it is not hardcoded in the pipeline) and access it later from the Azure DevOps Pipeline: .properties file:

...
SERVER_ADMIN_SECRET_NAME=server-password-test
...

I am using template pipeline which reads the file and exports all key=values as $(property) with corresponding value as a global property (##vso[task.setvariable variable=$KEY]$VAL).

When I call Azure Key Vault, it returns the key name and export variable $(server-password-test) so it can be used later. However, I am unable to access it, because the variable name is the value of another variable $(SERVER_ADMIN_SECRET_NAME). The solution should be using a variable inside variable $($(SERVER_ADMIN_SECRET_NAME)), but this does not work in Azure Pipelines.

My pipeline looks like this:

...
- template: read_properties.yml
  parameters:
    file: config.properties

- task: AzureKeyVault@1
  inputs:
    azureSubscription: 'vault-service-connection'
    KeyVaultName: 'test-playground'
    SecretsFilter: '$(SERVER_ADMIN_SECRET_NAME)'

# TODO : How to fix this??
- task: CmdLine@2
  inputs:
    script: |
      echo $($(SERVER_ADMIN_SECRET_NAME))
...

Diagram:
enter image description here

Improve this question

3 Answers 3

Reset to default
9

For this issue , the value of nested variables (like $($(SERVER_ADMIN_SECRET_NAME))) are not yet supported in the pipelines. You can refer to this case to see this point.

The workaround I can think of is adding the Variable Toolbox task to the top of your build steps.

In this task you can set nested variable value for variable.

enter image description here

enter image description here

enter image description here

You can refer to this case for this task.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Worked like a charm this task: jessehouwing.jessehouwing-vsts-variable-tasks.vsts-variable-set.VariableSetTask@1
2

This works for me, see the last line for the clue:

variables:
  azureSubscription: 'my-subscription'
  azureKeyVault: 'my-keyvault'
  testkv: $(SERVER_ADMIN_SECRET_NAME)

jobs:

- job: TestKeyVault
  displayName: Key Vault access
  continueOnError: true
  steps:
  - task: AzureKeyVault@1
    inputs:
      azureSubscription: ${{ variables.azureSubscription }}
      KeyVaultName: ${{ variables.azureKeyVault }}
      SecretsFilter: ${{ variables.testkv }}
      RunAsPreJob: true

  - task: CmdLine@2
    inputs:
      script: 'echo $(${{ variables.testkv }}) > secret.txt'
Improve this answer

1 Comment

doesn't work for me, in the file ends literally this test: $(SERVER_ADMIN_SECRET_NAME)
1

Based on the response from @HeyMan. The following works for me

Write-Output "Value: $(SOME-String${{parameters.this}}-${{variables.that}})";
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.