Closed jazminelich closed 3 years ago
liprec
commented
4 years ago As far as I know the task should be able to process secret variables. Is this also the case with other tasks, eg https://docs.microsoft.com/en-us/azure/devops/pipelines/process/variables?view=azure-devops&tabs=yaml%2Cbatch#secret-variables?
jazminelich
commented
4 years ago I would think it should. What's weird is when I go into variables and I attempt to set a variable for the application key associated with a service principal, it looks like it works fine, but then I run the release and it says "invalid client secret". I wondered if it was because I was copy/pasting the key into the variable and then clicking the lock icon to lock it. So then I tried copy/pasting with it already locked. I also tried typing in the key in case it was adding ASCII characters to the string. After the release fails, it seems like the variables are not being stored because I click on the lock icon and it's empty. This is probably just so that people don't actually go in and see the key, but I'm confused by it. I tried using a variable group as well, and ran into the same issues. Yet somehow, if I simply copy/paste the client secret into the application key field, then the release succeeds just fine. I found that this issue happens with any variables I try to set. I wanted to do the same thing for our Azure SQL credentials and received the same type of error.
liprec
commented
4 years ago You are correct that you cannot retrieve the secret by 'unlocking' it: the value is empty. And secrets are only hidden for the user output/log and not for the tasks itself. The only thing I can think of is that there are characters in the password that are not correctly parsed by PowerShell. Can you change the password to one without any special characters?
jazminelich
commented
4 years ago That would make sense. Unfortunately, I am not able to change most of these passwords, but I did notice this when I looked at the YAML, so it does look like it's not recognizing the variables.
stale[bot]
commented
3 years ago This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
I am currently creating release pipelines using this tool in order to deploy data models to Azure Analysis Services using Azure Repos Git. When I go through the fields for connection information and input usernames/passwords in plain text directly in those fields, the release runs fine and succeeds. When I attempt to set pipeline variables to use these passwords without storing in plain text, I find that it is not actually using those variables. A common error I receive is that an invalid client secret was provided. If I put that client secret in plain text on the tasks option, then it works fine. It is only if I attempt to use it as a variable that is supposed to be locked. I'm not sure if anyone else has run into this issue or if I am doing something wrong, but it would be beneficial to be able to use the pipeline variables for passwords and such. Thank you!