First of all, answering your direct question precisely:
Is there a way to use the encrypted variable with the help of the first script (Get-AzAutomationVariable)?
By design, Get-AzAutomationVariable does not retrieve secrets. It does not return encrypted variable values in any form.
Your concern and your goal are not entirely clear though. If Get-AzAutomationVariable returned the variable value, wouldn't you have exactly the same concern as with Get-AutomationVariable? How exactly do you intend to use the value of this variable? Are you going to pass the secret to any external system? In what form would this external system accept the secret?
Please note that Get-AutomationVariable does not expose the value on its own: as a runbook author, you are free to do anything with it. Obviously, if you print it out to the logs, it will be exposed to all log readers. But, if you don't do that, it will not be exposed. For example, you can immediately wrap it into a SecureString. Ultimately, this is up to the runbook code owner.
use the encrypted variables without exposing the value? - Jim Xu
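The SecureString wrapping mentioned in the answer above, sketched as a runbook fragment. This is an added example, not code from the original answer or comments; the variable name `ApiSecret`, the user name `svc-deploy`, the `x-api-key` header and the local stand-in function are assumptions made for illustration, and the variable is assumed to hold a string.

```powershell
# Outside an Azure Automation sandbox the internal cmdlet does not exist, so a
# stand-in returning a constructed value lets the fragment run locally.
if (-not (Get-Command Get-AutomationVariable -ErrorAction SilentlyContinue)) {
    function Get-AutomationVariable { param([string]$Name) 'constructed-sample-secret' }
}

function Get-SecretCredential {
    param(
        [Parameter(Mandatory)] [string]$VariableName,  # encrypted Automation variable (assumed name)
        [Parameter(Mandatory)] [string]$UserName       # account the secret belongs to (assumed name)
    )
    # Read and wrap in one statement so no plaintext variable is left in scope.
    $secure = ConvertTo-SecureString -String (Get-AutomationVariable -Name $VariableName) -AsPlainText -Force
    $secure.MakeReadOnly()
    [pscredential]::new($UserName, $secure)
}

$cred = Get-SecretCredential -VariableName 'ApiSecret' -UserName 'svc-deploy'

# Writing the credential to a job stream shows the type name, not the value.
Write-Output "Loaded credential for $($cred.UserName); password renders as: $($cred.Password)"

# Cmdlets that accept -Credential can take $cred directly. When a consumer needs
# plaintext (here a hypothetical API-key header), unwrap at the point of use only.
$headers = @{ 'x-api-key' = $cred.GetNetworkCredential().Password }
try {
    # Pass $headers to the call that needs it (for example Invoke-RestMethod -Headers $headers).
    # Do not send $headers to Write-Output, Write-Verbose or Write-Error.
    Write-Output "Prepared $($headers.Count) header(s) for the outbound call"
}
finally {
    # Drop the plaintext copy as soon as the call is done.
    Remove-Variable -Name headers
}
```

The plaintext still exists in process memory while it is being used; the point of the wrapper is that nothing the runbook writes to its output, verbose or error streams contains it.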