How to Read kay vault secrets during VSTS tests

0
votes

I have problem with Azure Key Vault step in VSTS. I link the step to my key vault and this working.

This step is successfull

2018-03-23T21:12:08.8733257Z Downloading secrets using: https://xxx.vault.azure.net/secrets?maxresults=25&api-version=2016-10-01. 2018-03-23T21:12:09.9618492Z Number of secrets found in xxx: 10 2018-03-23T21:12:09.9619452Z Number of enabled and unexpired secrets found xxx 2018-03-23T21:12:09.9640507Z Downloading secret value for: xxx

But what I can’t do is reading these secrets in my tests when I run them Im using ConfigurationBuilder (to read env variable) and Microsoft.Azure.Services.AppAuthentication (for MSI auth access to key vault) neither API can see and read this variable when test running. I also tried to use additional script to convert build variable into environment var using both echo and $env:auth0:clientDomain = “$(auth0–clientDomain)”, neither works.

So basically my question is how I could read Azure Key Vault secrets from my tests on VSTS.

Thanks

1
azure-devopsazure-keyvault

1 Answers

0
votes

The secret variables are not decrypted into environment variables, so scripts and programs run by the build steps are not given access by default. Secret Variables

For example: a secret (Name: s1) in Key vault, then you can access the value like $(s1), but can’t access it like $env:s1. (PowerShell task)

The workaround is that you can replace the token value with the value of key vault secret in a file through Token Replace task (or other way)