Access azure variables secrets from variable groups in library using cli in pipeline
Can I access the variables set as Secret using Azure CLI or any script in the pipeline?
I have to update the variables but those are set as secrets are not updating but the command setting them null So, my question is can we do this? if yes then how? Note: I don't want to link the variables with Azure key vault
I was trying to update the variables groups using the update command but it not updating the variable values which set as secret instead making them null:
Executing:
az pipelines variable-group variable update \
--group-id 261 \
--name <groupname> \
--value <value> \
--organization <orgURL> \
--project "Test"
Output:
{
"Variable": {
"isSecret": true,
"value": null
}
}
The az pipelines variable-group variable update command will update the secret variable, but its value won't be displayed for security reasons - remember that is sensitive information that shouldn't be displayed in a console or pipeline logs.
Regarding Azure DevOps CLI authentication, see Sign in with a personal access token (PAT).
Example pipeline
Consider the following pipeline with 2 jobs:
- job1 updates the value of variable
foofrom variable groupgroup1(ID=14) - job2 references variable group
group1and displays the value of variablefoo
trigger: none
pool:
vmImage: 'ubuntu-latest'
jobs:
- job: job1
steps:
- checkout: none
- bash: |
az pipelines variable-group variable update \
--group-id 14 \
--name foo \
--value 'updated value' \
--organization 'https://dev.azure.com/myorg/' \
--project 'myproject'
displayName: 'Update variable'
env:
AZURE_DEVOPS_EXT_PAT: $(System.AccessToken) # ensure token has enough permissions to run the command
- job: job2
dependsOn: job1
variables:
- group: 'group1'
steps:
- checkout: none
# See https://stackoverflow.com/a/71746562/558486
# For debugging purposes only, do NOT use it in production
- bash: |
echo "MY_SECRET: ${MY_SECRET:0:1} ${MY_SECRET:1:100}"
displayName: 'Display variable'
env:
MY_SECRET: $(foo)
Output of task in job1:
Output of task in job2:
- How to split a column into two columns to separate two values in a cell when some cells don't contain two values to split using dplyr in R
- Remove last two path components of a path in a shell variable
- Recursion - Not Returning Values as Expected
- How do you know a variable type in java?
- How can I have a variable sample time for logging data in simulink?
- why indirect variable reference not work in bash dictionary
- IntelliJ IDEA underlines variables when using += in Java
- Putting a variable value into a input's string
- Simple Find and Replace Text in Sublime Text Using REGEX
- What is the difference between var and val in Kotlin?
- C# Message Box, variable usage
- when declaring an object how do you specify the no name if it's ambiguous
- How to pass a Bash variable to Python?
- Avoid evaluation of variables in a Makefile
- Using a variable to set a userform object name
- How to pass parameters or arguments into a Gradle task?
- in gnucobol, sub programs of one parent can't invoke each other
- How to keep track of where you are in an Ansible loop?
- Excel VBA - Having issues while Using Range Function with multiple variables in Embedded Charts
- How do I 'declare' an empty bytes variable?
- How to create module-wide variables in Python?
- How can you print a variable name in python?
- How to insert string into a string as a variable?
- I'm trying to set up a header, included inside the layout file, that imports the online status of a user. But it is only refreshing when I navigate
- Using Template Stages in Azure DevOps Pipeline
- Passing Variables between Stages in Azure DevOps Pipeline
- subtracting variables within two different netcdf files
- Ansible variable undefined syntax error using set_fact
- Local variable being stored over different function calls. weird
- How to pass a list from Python, by Jinja2 to JavaScript