Context: I have a Release pipeline that does the following: - Delete my runbooks from the automation account- reason - Copy my runbooks from a my repository into my blob storage - Run my ARM template where I fetch the blob storage runbook and deploy this to my automation account.
For the third step I need my ARM template to retrieve the blob storage. In Azure devops this is easily done by using the output variable of the copy step en use this inside my deployment step and just override the parameters. But the ARM template I use is a linked template (main template) and the ARM that deploys the runbook doesn't have parameters but a parameter file so I can't just override the parameters there.
The solution for this is to put the SAS token inside a Keyvault secret so the ARM template that needs the SAS token just gets this from the KeyVault.
To do this I copied my Runbook to my blob storage account and exported the sas token in Azure devops. In the next step I want to set the keyvault secret to this variable. So that with every run a fresh SAS token will be in place for the ARM template to retrieve. The problem I am facing now is this.
I use the following lines of code
$Secret = ConvertTo-SecureString -String $(StorageToken) -AsPlainText -Force
Set-AzureKeyVaultSecret -VaultName 'keyvault' -Name 'supersecret-sas-token' -SecretValue $(StorageToken)
But the sas token has a value like this ?sv=2015-05-14&551qf54q5f4&qz5f4qz5f4&qz5f
Like you can see there are some ampersand(&) in the string. And Powershell gives me a hard time for this.
I get the following error message
the ampersand (&) character is not allowed. The & operator is reserved for future use; wrap an ampersand in double quotation marks ("&") to pass it as part of a string.
I tried replacing the amersand value in the string with the value "&" with the quotation marks. ----> didn't work
I tried adding "' '" before and after the string ----> didn't work
Does anyone know a workaround to deploy the sas token to a KeyVault.
