4

Within Azure DevOps YAML, is it possible to use a variable within a get for another variable?

My specific issue is around using the Azure Key Vaults task. Using this task as below:

  - task: AzureKeyVault@1
    displayName: 'Get Secrets $(KeyVault_Key) from ${{parameters.KeyVaultName}}'
    inputs:
     azureSubscription: ${{parameters.azureSubscription}}
     KeyVaultName: ${{parameters.KeyVaultName}}
     SecretsFilter: '$(KeyVault_Key)'
     RunAsPreJob: true

I have a variable in the Library called KeyVault_Key and pass this into the filter. The Key Vault task will create a new variable using the value of this variable.

e.g. if KeyVault_Key = "mySecretKey" then it creates a variable you can access as $(mySecretKey)

However, when trying to access all of this using the variable commands it does not work.

e.g. $($(KeyVault_Key))

I have also tried variables as well like

e.g. $(${{variables.KeyVault_Key}})

** Update **

This is an example using the variable solution as recommended.

  - stage: 'Deploy'
    displayName: 'Deploy Application'
    variables:
      - name: "sqlConnectionNameKey"
        value: '$(TF_VAR_MYSQL_SERVER_USERNAME_KEY)'
      - name: "sqlConnectionPwdKey"
        value: '$(TF_VAR_MYSQL_SERVER_PASSWORD_KEY)'
    jobs:
      - deployment: DeployApiDatabase
        pool:
          name: Default
        environment:
          name: Azure
        strategy:
          runOnce:
            deploy:
              steps:
                - task: AzureKeyVault@1
                  displayName: 'Get Secrets'
                  inputs:
                    azureSubscription: ${{parameters.azureSubscription}}
                    KeyVaultName: '$(TF_VAR_RESOURCE_PREFIX)-kv'
                    SecretsFilter: '${{variables.sqlConnectionNameKey}}, ${{variables.sqlConnectionPwdKey}}'
                    RunAsPreJob: true
                - task: AzureMysqlDeployment@1
                  displayName: 'Deploy ApplicationConfigurationDbContext DB'
                  inputs:
                    azureSubscription: ${{parameters.azureSubscription}}
                    ServerName: '$(sqlServerName).mysql.database.azure.com'
                    DatabaseName: 'DatabaseName'
                    SqlUsername: '$(sqlConnectionNameKey)@$(sqlServerName)'
                    SqlPassword: '$(sqlConnectionPwdKey)'
                    TaskNameSelector: 'SqlTaskFile'
                    SqlFile: '${{variables.mySqlLocation}}DbContext.sql'
                    IpDetectionMethod: 'AutoDetect'
1
  • Hi, did you get a chance to try out the answer below? How did it go? Commented Oct 19, 2020 at 9:41

3 Answers

2

No, this is not possible. You can't nest them. So if you want to use the value of your secret immediately, you can try to use the Azure CLI task:

  - task: AzureCLI@2
    inputs:
      azureSubscription: '${{parameters.azureSubscription}}'
      scriptType: 'pscore'
      scriptLocation: 'inlineScript'
      inlineScript: |
        $secretValue =  az keyvault secret show --vault-name ${{parameters.KeyVaultName}} --name $(KeyVault_Key) --query value  -o tsv
        echo $secretValue

However, if this doesn't solve your issue I'm afraid you are forced to redesign your idea.
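
A variant of the Azure CLI workaround above, as an added example that is not part of the original answer: instead of echoing the secret, it publishes the value as a masked pipeline variable under a fixed name that later steps in the same job can reference without nesting. The names `ResolvedSecret`, `VAULT_NAME`, `SECRET_NAME` and `sqlUserName` are assumptions chosen for this sketch; the task inputs are the ones already shown on this page.

```yaml
steps:
  - task: AzureCLI@2
    displayName: 'Resolve the secret named by KeyVault_Key'
    inputs:
      azureSubscription: '${{ parameters.azureSubscription }}'
      scriptType: 'pscore'
      scriptLocation: 'inlineScript'
      inlineScript: |
        # Names arrive through env (see below) rather than being spliced
        # into the script text by macro expansion.
        $secretValue = az keyvault secret show `
          --vault-name $env:VAULT_NAME `
          --name $env:SECRET_NAME `
          --query value -o tsv
        if ($LASTEXITCODE -ne 0 -or [string]::IsNullOrEmpty($secretValue)) {
          throw "Could not read secret '$env:SECRET_NAME' from vault '$env:VAULT_NAME'"
        }
        # Publish the value under a fixed name (assumed: ResolvedSecret).
        # issecret=true tells the agent to mask it in subsequent log output.
        Write-Host "##vso[task.setvariable variable=ResolvedSecret;issecret=true]$secretValue"
    env:
      VAULT_NAME: '${{ parameters.KeyVaultName }}'
      SECRET_NAME: '$(KeyVault_Key)'

  # Later steps in the same job use the fixed name, so no nesting is needed.
  - task: AzureMysqlDeployment@1
    displayName: 'Deploy ApplicationConfigurationDbContext DB'
    inputs:
      azureSubscription: '${{ parameters.azureSubscription }}'
      ServerName: '$(sqlServerName).mysql.database.azure.com'
      DatabaseName: 'DatabaseName'
      SqlUsername: '$(sqlUserName)@$(sqlServerName)'   # sqlUserName: hypothetical non-secret variable
      SqlPassword: '$(ResolvedSecret)'
      TaskNameSelector: 'SqlTaskFile'
      SqlFile: '${{ variables.mySqlLocation }}DbContext.sql'
      IpDetectionMethod: 'AutoDetect'
```

A variable set with `task.setvariable` is only visible to steps that run after the one that set it, and a secret variable is not exported to script environments unless it is mapped explicitly through `env:`.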


2

Nested variables are not yet supported in Azure Pipelines. The user voice has been submitted to the Microsoft Development team. You can vote it up here or submit a new one.

As a workaround, you can define a new variable and map its value to variable $(KeyVault_Key). See the example below:

  variables: 
  - name: SecretKeyFromKeyVault
    value: $(KeyVault_Key)

Then you can refer to the variable mySecretKey created by the Key Vault task by using $(SecretKeyFromKeyVault).

2 Comments

This just prints the value of 'KeyVault_Key' but not the value from the Key Vault itself. Thank you though.
This was the output from the attempt "C:\Program Files\MySQL\MySQL Workbench 8.0 CE\mysql.exe" -h SqlServer.mysql.database.azure.com -u mysqlServerName@SqlServer -p ***
1

This won't work:

  variables: 
  - name: SecretKeyFromKeyVault
    value: $(KeyVault_Key)

$(VariableName) is a runtime expression; when defining a variable like this, the value should be defined at compile time. So, a compile-time expression should be used:

  variables: 
  - name: SecretKeyFromKeyVault
    value: ${{ variables.KeyVault_Key }} 
