
Powershell how to use azure vault secret value using yaml


I am new to YAML files and I am facing issues.

error : "The term 'devkey' is not recognized as a name of a cmdlet, function, script file, or operable program."

I have a variable group called devVariables that has the storage account name and Azure subscription variables stored. When I try to use the secret value using AzureVault@2, it does not pick up the value.

    parameters:
     - name: env
       displayName: Enviornment
       type: string
       default: dev
       values:
         -dev
         -qa
         -prod

    variables:
      -group: ${{format('{0}Variables', parameters.env}}

    - task: AzureKeyVault@2
      inputs:
        azureSubscription: $(azureSubscription)
        KeyVaultName: 'abc-$(env)'
        SecretFilter: 'secret-$(env)'
        RunAsPreJob: false

    - task: AzurePowershell@5
      inputs:
        azureSubscription : $(azureSubscription)
        ScriptType: 'InlineSciprt'
        Inline: |
         $devkey = $(secret-$(env))
         $storageContext = New-AzStorageContext -StorageAccountName $(StorageAccountName) -StorageAccountKey $(devkey)

ATTEMPTS:

  1. Instead of defining devKey, using the value directly did not work:

    $storageContext = New-AzStorageContext -StorageAccountName $(StorageAccountName) -StorageAccountKey $(secret-$(env))

Any help would be appreciated!


Solution

  • Your yml file has various formatting issues. It works now, although it does not meet best practices. You can learn the basic format first; otherwise, there will always be various problems.

    pool:
      vmImage: windows-latest
    
    parameters:
    - name: env
      displayName: Enviornment
      type: string
      default: dev
      values:
      - dev
      - qa
      - prod
    
    variables:
    - group: ${{format('{0}Variables', parameters.env)}}
    
    steps:
    - task: AzureKeyVault@2
      name: setSecretInVariable
      inputs:
        azureSubscription: $(azureSubscription)
        KeyVaultName: 'abc-$(env)'
        SecretsFilter: 'secret-${{ parameters.env }}'  # the input is named SecretsFilter; download only this secret
    
    - task: AzurePowerShell@5
      name: getSacontext
      inputs:
        azureSubscription: $(azureSubscription)
        azurePowerShellVersion: LatestVersion
        ScriptType: 'InlineScript'
        Inline: |
          $devkey = "$(secret-${{ parameters.env }})"
    
          $storageContext = New-AzStorageContext -StorageAccountName $(StorageAccountName) -StorageAccountKey $devkey
          
          $storageContext
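
Added example, not part of the answer above: macro syntax pastes the secret into the script text before PowerShell parses it, so this variant of the AzurePowerShell@5 step hands the Key Vault secret to the script through the step's `env:` mapping and fails early if the macro was left unresolved. The environment variable names `STORAGE_KEY` and `STORAGE_ACCOUNT` are assumptions; the rest is taken from the pipeline above.

```yaml
# Added example: replaces only the AzurePowerShell@5 step. The AzureKeyVault@2
# step before it is unchanged and has already set the secret-<env> variable.
steps:
- task: AzurePowerShell@5
  name: getSacontext
  inputs:
    azureSubscription: $(azureSubscription)
    azurePowerShellVersion: LatestVersion
    ScriptType: 'InlineScript'
    Inline: |
      # The script text contains no pipeline macro and no secret value;
      # the key is read from the process environment at run time.
      $key = $env:STORAGE_KEY

      # An undefined macro is left in place as literal text, so an unresolved
      # secret arrives as a string that starts with a dollar sign and a
      # parenthesis. The prefix is built from two pieces so that this line
      # itself is never treated as a macro.
      $unresolvedPrefix = '$' + '('
      if ([string]::IsNullOrEmpty($key) -or $key.StartsWith($unresolvedPrefix)) {
        throw "Key Vault secret was not resolved; check the secret name and SecretsFilter."
      }

      $storageContext = New-AzStorageContext -StorageAccountName $env:STORAGE_ACCOUNT -StorageAccountKey $key

      # Print a non-sensitive property to confirm the context was created.
      $storageContext.StorageAccountName
  env:
    # Secret variables are not exposed to scripts automatically;
    # they must be mapped explicitly. Names below are assumptions.
    STORAGE_KEY: $(secret-${{ parameters.env }})
    STORAGE_ACCOUNT: $(StorageAccountName)
```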
    
