How Can I make Secret variables (defined in azure release pipeline) be accessible to my Powershell marketplace task?

0
votes

How Can I make Secret variable (SecretVar) defined in azure release pipeline be accessible to my Powershell used to create marketplace task (vsix)?

1
azure-devopsazure-pipelines-release-pipelinevsixazure-devops-extensionsazure-marketplace

1 Answers

0
votes

How Can I make Secret variable (SecretVar) defined in azure release pipeline be accessible to my Powershell used to create marketplace task (vsix)?

You could not access the secret variable directly from the task. This behavior is by designed for protecting secret variables from being exposed in the task.

This documentation states that secret variables are:

  • Not decrypted into environment variables. So scripts and programs run by your build steps are not given access by default.
  • Decrypted for access by your build steps. So you can use them in password arguments and also pass them explicitly into a script or a program from your build step (for example as $(password)).

That the reason why you could not use the secret variables in your task.

To resolve this issue, we need to explicitly map secret variables:

variables:
 GLOBAL_MYSECRET: $(mySecret) 
 GLOBAL_MY_MAPPED_ENV_VAR: foo 

steps:

- Youtask: |

  env:
    MY_MAPPED_ENV_VAR: $(mySecret) # right way to map to an env variable

Or if the secret variable can be set as arguments, we could use it:

variables:
  VMS_USER: $(vmsUser)
  VMS_PASS: $(vmsAdminPass)

pool:
  vmImage: 'ubuntu-latest'

steps:
- task: AzureFileCopy@4
  inputs:
    SourcePath: 'my/path'
    azureSubscription: 'my-subscription'
    Destination: 'AzureVMs'
    storage: 'my-storage'
    resourceGroup: 'my-rg'
    vmsAdminUserName: $(VMS_USER)
    vmsAdminPassword: $(VMS_PASS)

If your task does not support env: or arguments to pass secret variables explicitly into a script, you could not use it in the task.

You could check this thread for and the document for some more details.

Update:

My custom marketplace task uses Powershell (not yaml) and that is where I would like to access it. How can I do that within powershell?

If you want to access the secret variables in the powershell script instead of the inline/powershell task, you could try to pass the value of secret variable through PowerShell parameters:

Param(
 [String]$pass
)
if ($pass) { Write-Host "variable is NOT null" }
if (!$pass) { Write-Host "variable is null" }

Check this thread for some details.

Hope this helps.