Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Accessing secret variables from release task

See original GitHub issue

Hello,

We have built a VSTS extension that adds UI to the work item dialog, and a task to update some state in our application.

The rollout task reads a few inputs like release.releaseId and System.TeamProjectId. It also expects the user to set some variables so that the task can make authenticated calls to VSTS. One such call fetches the work items associated with a release via the Release API.

The authentication currently only works with alternate credentials or PAT. So the user needs to set username and password variables on the release. The task then reads them via getVariable. The code looks something like this:

var https = require('https');
var tl = require('vso-task-lib/vsotask');
var username = tl.getVariable('username', false);
var password = tl.getVariable('password', false);
var auth = username + ':' + password;

https.request({..., auth: auth}, function(res) {
  ...
});

The issue we’re running into is that the password variable is undefined if it is made secret in the UI, and authenticated VSTS calls fail.

Is there a separate method we can use to read secret variables?

Best,

Alexis

Issue Analytics

  • State:closed
  • Created 7 years ago
  • Comments:6 (4 by maintainers)

github_iconTop GitHub Comments

1reaction
ericsciplecommented, Dec 6, 2016

you can use getEndpointAuthorizationParameter(‘SystemVssConnection’, ‘AccessToken’) to access the job token

i believe a 2x agent (2.105.7 would be a good backstop - i.e. TFS 2017 RTM agent) is required in order access secret variables.

if using the job token is not good for your scenario, then i would suggest switching to an input instead of relying on user to set a specific variable. then the user can pass their secret variable into the input - e.g. $(myusername)

0reactions
bryanmacfarlanecommented, Dec 12, 2016

You need to set the bearer header

https://github.com/Microsoft/vsts-node-api/blob/master/api/handlers/bearertoken.ts

If you use node api, you can construct it with that auth handler.

Read more comments on GitHub >

github_iconTop Results From Across the Web

Set secret variables - Azure Pipelines
Secret variable in the UI · Go to the Pipelines page, select the appropriate pipeline, and then select Edit. · Locate the Variables...
Read more >
Using a secret variable in azure pipeline
To use the secret variable in the task , you need to map the secret variable to a new environment variable as shown...
Read more >
How Can I make Secret variables (defined in azure release ...
My custom marketplace task uses Powershell (not yaml) and that is where I would like to access it. How can I do that...
Read more >
How to expose secret variables in Azure DevOps - WinOpsDBA
First, we will create two variables as part of our release pipeline. ... When we change a variable to the secret one, it...
Read more >
How to consume secret variables? · Issue #4123
I am using the classic release pipeline editor and not the YAML one. Can't seem to find a way to map them into...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

Set-VstsTaskVariable Writes Secret Variable Value to Log

Next page

AzureKeyVault fails with 'endpoints_resolution_error'