Azure / azure-devops-cli-extension

Azure DevOps Extension for Azure CLI
https://docs.microsoft.com/en-us/cli/azure/ext/azure-devops/?view=azure-cli-latest
MIT License
632 stars 241 forks source link

build library secure files #204

Open saccy opened 6 years ago

saccy commented 6 years ago

Are there any plans to add 'build > library > secure files' components to the VSTS cli that would enable uploading secrets?


Document Details

Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.

benc-uk commented 5 years ago

We definitely need this Since I've started working only with YAML builds, asking people to drop out to the UI just to set a storage key or other secret value feels really clumsy

geverghe commented 5 years ago

We have included variable groups and variables for YAML pipelines with version 12. Wouldn't this work for your use case?

geverghe commented 5 years ago

@benc-uk - did you have a chance to look at v12 of the azure devops extension which supports variables and variables groups (including secret types)? Would this suffice?

damphyr commented 5 years ago

+1 for this feature. Uploading a secret file

Simple variables for secrets are...less than usable - somehow they do not show up in the GUI when created. Variable groups are better, but you are forced to create a non-secret variable just to be able to create the group. Also, things like certificates for signing mobile apps are much easier to manage as secret files than env variables.

dfoulk commented 4 years ago

We would like to be able to upload secure files via the Azure CLI DevOps extension as well. With our Apple certificates expiring annually, it becomes quite the pain to update the code signing files (keystore & p12).

I decided to write a script that automates the updating of these files in DevOps > Pipelines > Library > Secure Files so that I don't have to research the locations of these files every year. Come to find out- this doesn't appear to be possible with the Azure CLI DevOps extension.

Note: I have no experience with the CLI tools, so please don't think me stupid. I'm just new! 😁

I was hoping for a command like:

az pipelines secure-file publish --organization MyOrganization --project MyProject --path "C:\Users\Me\AppData\Local\Xamarin\Mono for Android\Keystore\MyKeysore\MyKeysore.keystore"

This would REALLY help us out with setting up Pipelines for our Xamarin.Forms projects. Thanks.

gaochundong commented 4 years ago

+1 for this feature. Uploading a secret file.

jrydow commented 4 years ago

+1 for this. This would be really useful to be able to update secrets efficiently for terraform based pipelines.

jibinbabu commented 3 years ago

+1 so badly need this command as we destroy and recreate AKS clusters quite often and evertime we have to manually come and update the cluster certs in secure files

jrydow commented 3 years ago

Any news on this? Variable and variable groups does not quite cut it. This would be so useful when passing stuff to terraform as files in order to define the stuff in the file once and in one place.

ben-p-commits commented 3 years ago

Hoping to see this come along.... really want to manage secure files via CLI.

spoelstraethan commented 3 years ago

It is possible if you can do a bit of Powershell/Python/Javascript to interact with the REST API directly.

https://github.com/microsoft/azure-pipelines-tasks/issues/9172

Specifically https://github.com/microsoft/azure-pipelines-tasks/issues/9172#issuecomment-626474029

and https://github.com/microsoft/azure-pipelines-tasks/issues/9172#issuecomment-655569961

https://github.com/microsoft/azure-pipelines-tasks/issues/9172#issuecomment-853098180

nbraun-wolf commented 2 years ago

What is the scope of this API ? I am trying to authenticate via az rest so AD instead of PAT but it wants me to provide a scope. I cannot find out what is is.