Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Unable to use Secret variables in Override Template Parameters
See original GitHub issueI have some variables that are being created using Write-Verbose (“##vso[task.setvariable variable=$VariableName;issecret=true;]$VariableValue”). I then want to use these variables as parameters for an Azure deployment template using the Override Template Parameters section in the Azure Resource Group Deployment vsts task. I am expecting the parameter to be set to the value of $VariableValue. The actual value that I’m getting is ‘********’. If the variable is not set as secret, it works as expected.
Thanks in advance for any assistance I can get with this issue.
UPDATE After some investigation I have some updates for this issue.
Problem:
The actual root of the problem was the use of (ConvertTo-SecureString '$(VariableValue)' -AsPlainText -Force). When calling this with a hidden vsts variable it uses ******** instead of the correct value of the variable. I have also confirmed that this is the case for other tasks, not just in the Override Template Parameters section in the Azure Resource Group Deployment task.
Workaround:
Instead of making these vsts variables secret, I am instead encrypting the strings and storing them as plain text values which can later be used to get a secure string with (ConvertTo-SecureString -string '$(EncryptedValue)')
To do this for variables that you have defined in vsts you need to have a script that takes the hidden variable, does the conversion and then set the variable again, this time as plain text, with the encrypted string with the encrypted string.
Issue Analytics
- State:
- Created 6 years ago
- Comments:6 (4 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
I am aware that secrets are masked in the logs. What I am experiencing is the actual values being used are
********. e.g. I have a password for an sql server admin in a secret vsts variable I get the following error:This is because it is using
********as the value for the password, it’s not just being masked in the log. As I stated in my original post, if the variable is not marked as secret, the deployment works as expected and uses the intended values.@AinslieCleverdon Closing the issue now, if you still face some problem, do let us know.