ADO YAML Pipelines | How to get secret variable from a variable group based on the value of another variable
In my project, i can get the value of a variable defined inside a variable group like this, without no problem
steps:
- checkout: none
- bash: |
echo $(shared-smtp-user)
But then, later in the code, i need to put into files the value of some variables from a variable group, and i do something like this
parameters:
# The targetVariables to put inside secrets/, for example
# targetVariables:
# - shared-azure-devops-pat
# - shared-ldap-password
# - shared-ldap-user
# - shared-smtp-user
- name: targetVariables
type: object
jobs:
- job: echo_secret_files
displayName: 🗣️ Echo secret files
steps:
- checkout: none
- bash: |
echo "Echoing targetVariables into secrets/"
echo "using targetVariables ${{ convertToJson(parameters.targetVariables) }}"
mkdir -p ./secrets/
echo $(shared-smtp-user) # THIS WORKS !!!
displayName: Display information about the secrets being used
- ${{ each variableName in parameters.targetVariables }}:
- bash: |
echo $SECRET_VALUE > ./secrets/${variableName}.txt
env:
SECRET_VALUE: "$( ${{ variableName }} )" # THIS IS NOT WORKING!!!
displayName: Generate file for ${{ variableName }}
- bash: tree secrets/ -a
displayName: Display the generated secrets
For some weird reason, i cant assing a value to SECRET_VALUE using this syntax "$( ${{ variableName }} )"
What im trying to do, for each item inside parameters.targetVariables, set the value of SECRET_VALUE to $(variableName), and then echo $SECRET_VALUE into a file.
Is there any way i can do $(myVariableNameHere), but without actually hardcoding myVariableNameHere, and instead using the variable from the each loop (called variableName)?
As Rui Jarimba's answer, you need to change the env format to ENV_VALUE: $(${{ variableName }}) to get the secret variable in variable group based on parameter value.
In addition, you need to make the following changes in YAML to achieve your goal.
1.You need to change the bash script:
From:
echo $SECRET_VALUE > ./secrets/${variableName}.txt
To
echo $SECRET_VALUE > ./secrets/${{variableName}}.txt
Then it will generate the txt file based on variable name.
2.You need to change the SECRET Key word in the environment variable in bash task.
For example:
SECRET_VALUE -> MAPPED_VALUE
Based on my test, if the env variable contains the SECRET Key word, it will return the empty value.
Here is the full yaml sample:
pool:
vmimage: ubuntu-latest
parameters:
- name: targetVariables
type: object
default:
- shared-smtp-user
- shared-ldap-password
variables:
- group: variablegroupname
jobs:
- job: echo_secret_files
displayName: 🗣️ Echo secret files
steps:
- checkout: none
- bash: |
echo "Echoing targetVariables into secrets/"
echo "using targetVariables ${{ convertToJson(parameters.targetVariables) }}"
mkdir -p ./secrets/
echo $(shared-smtp-user)
displayName: Display information about the secrets being used
- ${{ each variableName in parameters.targetVariables }}:
- bash: |
echo $MAPPED_VALUE > ./secrets/${{variableName}}.txt
env:
MAPPED_VALUE: $(${{ variableName }})
displayName: Generate file for ${{ variableName }}
- bash: tree secrets/ -a
displayName: Display the generated secrets
Result:
- Azure yaml trigger pipeline every 14 days on a Saturday
- How to assign organization-level permissions to create repositories across all projects in organization in Azure DevOps?
- Updating Node js on internal windows ADO build agent
- Authenticating using the Azure CLI is only supported as a User (not a Service Principal)
- DotNetCLI@2 pack seems to be ignoring configuration inputs
- Build a pipeline in AzureDevOps for Sql Server on prem to run sql scripts
- How to format Azure DevOps console Logs
- How to follow the entire wiki in Azure DevOps?
- Issue with Azure key vault and Azure storage account deployment
- Publishing external POM Package to Azure Artifacts Feed Error
- lionbridge-connector on Azure Artifacts gives Dependency Error
- How to allow an empty string for a runtime parameter?
- Azure - RBAC to Management Group
- Python (Dash) web app deployment on Azure with pipeline running too long with message Building wheel for pandas still running. How to optimize?
- No 'Import a pipeline' button in Azure DevOps
- ASP.NET Azure Web App Pipeline: No package found with specified pattern: D:\a\1\s\**\*.zip
- Error when creating a pipeline. "You don’t appear to have an active Azure subscription."
- ADO YAML Pipelines | How to get secret variable from a variable group based on the value of another variable
- Azure Devops - Get release definitions by agent pool ID
- Azure Pipelines using YAML for multiple environments (stages) with different variable values but no YAML duplication
- How to specify which version of nuget.exe to use with self-hosted agent in Azure DevOps?
- Login failed for user '<token-identified principal>' while authorizing to SQL Server via Service Principal from AAD group assigned
- Azure DevOps - JFrogNuget Error - Error occurred while executing task: Error: Command failed
- Access Azure DevOps Pipeline Artifacts from different organization
- Initiate Azure DevOps Release Pipeline from Logic App and Retrieve Environment Variable Output from the pipeline
- Is it necessary to switch from the Hosted XML to the Inheritance Process Model after a migration
- Why is Azure Pipelines installing the wrong .NET SDK version (according to global.json)
- Azure pipeline does't allow to git push throwing 'GenericContribute' permission is needed
- Azure Devops - How to START one stage before parallel stages?
- Dynamically populate DependsOn in Azure DevOps Yaml job