microsoft / azure-pipelines-tasks

Tasks for Azure Pipelines
https://aka.ms/tfbuild
MIT License

InstallAppleCertificate: Please allow installing p12 from source (read desc before you judge me!) #13913

Open kythin opened 3 years ago

kythin commented 3 years ago

Question, Bug, or Feature?
Type: Feature

Enter Task Name: InstallAppleCertificate

Environment

Issue Description

TL;DR: The InstallAppleCertificate task only works for secure files. Please add an option to install the certificate from a local working directory instead, as part of the normal execution phase.

We use a custom bash task early in the pipeline to populate the environment variables and download/decode some secure files based on our external secrets storage service (we use doppler.com, but this could also apply to HashiCorp Vault or any other non-Azure secure file service).

When building and signing iOS .ipa files, this process falls down because the InstallAppleCertificate task will ONLY work with Azure Pipelines secure files.

At the moment our temporary solve is to keep a copy of the p12 file in azure secure files, as well as our external vault. We also have to copy the password twice too, since the InstallAppleCertificate runs pre-job-execution before our external vault script has populated any variables. So, not ideal!

Thanks in advance 👍

github-actions[bot] commented 3 years ago

This issue is stale because it has been open for 180 days with no activity. Remove the stale label or comment on the issue otherwise this will be closed in 5 days

kythin commented 3 years ago

Not stale, still an issue :(

toddwalstad-eaton commented 3 years ago

Agreed pulling from disk should be an option.

We are trying to work around this issue by uploading to secure files during the pipeline using this hack. I am also going to look at the source for this task and see if there is an easy way to add this.

dragon788 commented 2 years ago

The JavaScript is pretty annoying to reverse engineer, but this is the same process, just less convoluted.

https://docs.github.com/en/actions/deployment/installing-an-apple-certificate-on-macos-runners-for-xcode-development

github-actions[bot] commented 2 years ago

This issue is stale because it has been open for 180 days with no activity. Remove the stale label or comment on the issue otherwise this will be closed in 5 days

toddwalstad-eaton commented 2 years ago

Not stale, this is still a valid request. @dragon788, can you add a comment, my comment isn't removing the stale flag it seems.

anatolybolshakov commented 2 years ago

Hi @toddwalstad-eaton, thanks for reporting! We are working on more prioritized issues at the moment, but will get back to this one once we are able to. This would probably require additional checks from a security point of view.

ghost commented 2 years ago

I would like to suggest that this issue is actually expanded to allow the task to work with secrets from Key Vault, either directly fetching from Key Vault or using an output variable from the AzureKeyVault task.

Jaharmi commented 1 year ago

Agree with @asdaandrewhaigh. Support for certificates/identities stored in Key Vault and/or using the output of the AzureKeyVault task step would be logical improvements.

dragon788 commented 1 year ago

In order to grab it from Key Vault, your AzureKeyVault task would need to set runAsPreJob=true, and you'd need to base64-decode it if you stored it as a secret.

If you stored the certificate, key and password as separate secrets to assemble a p12, you'd need openssl or similar to create the bundle, and I'm not sure if that is supported by Apple.

I have been able to store the name of a certificate in Secure Files in a variable group backed by a Key Vault. In the pipeline, though, I had to export a variable that tricked the variable group execution of the Get Secrets Key Vault task into using runAsPreJob=true, even though that isn't present in the UI. The trouble was that it sets that for all future references to the Get Secrets task.

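The decode-then-import flow that the thread keeps circling back to (a base64 p12 arriving in an environment variable from an external vault step, rather than from Secure Files), written out as an added example. This is not code from the issue or from the InstallAppleCertificate task; the variable names P12_BASE64, P12_PASSWORD and the keychain path are assumptions. The decode step is portable; the import step uses the macOS `security` tool in the same sequence the GitHub documentation linked above describes and is skipped where that tool does not exist.

```shell
#!/usr/bin/env bash
# Added example, not the task's own code. Materialise a base64-encoded p12
# from an environment variable with restricted permissions, then import it
# into a throw-away keychain. Assumed inputs: P12_BASE64, P12_PASSWORD.
set -eu

# Decode base64 text ($1) into file $2. The file is created under umask 077
# so other users on a shared agent cannot read the private key. Returns 1 if
# the input is not valid base64 or decodes to nothing.
decode_p12() {
  b64="$1"; out="$2"
  if ! (umask 077 && printf '%s' "$b64" | base64 --decode > "$out"); then
    echo "decode_p12: input is not valid base64" >&2
    rm -f "$out"
    return 1
  fi
  if [ ! -s "$out" ]; then
    echo "decode_p12: decoded p12 is empty" >&2
    rm -f "$out"
    return 1
  fi
}

# Import p12 file $1 (password $2) into a fresh keychain with a random
# password, unlock it, and put it on the user's search list so codesign can
# find the identity. Returns 2 on platforms without the macOS `security` tool.
import_p12() {
  p12="$1"; p12_pw="$2"
  kc="${RUNNER_TEMP:-/tmp}/signing.keychain-db"   # assumed path
  command -v security >/dev/null 2>&1 || return 2
  kc_pw="$(head -c 24 /dev/urandom | base64)"
  security create-keychain -p "$kc_pw" "$kc"
  security set-keychain-settings -lut 21600 "$kc"   # auto-lock after 6 h
  security unlock-keychain -p "$kc_pw" "$kc"
  security import "$p12" -P "$p12_pw" -A -t cert -f pkcs12 -k "$kc"
  security set-key-partition-list -S apple-tool:,apple: -k "$kc_pw" "$kc"
  security list-keychains -d user -s "$kc" login.keychain-db
  echo "$kc"
}

# Only runs when the vault step has populated P12_BASE64; the decoded file is
# removed as soon as the identity lives in the keychain.
if [ -n "${P12_BASE64:-}" ]; then
  workdir="$(mktemp -d)"
  decode_p12 "$P12_BASE64" "$workdir/signing.p12"
  if ! import_p12 "$workdir/signing.p12" "${P12_PASSWORD:?P12_PASSWORD is required}"; then
    echo "security tool unavailable; decoded p12 left at $workdir/signing.p12" >&2
  else
    rm -f "$workdir/signing.p12"
  fi
fi
```

Because the whole sequence runs as an ordinary script step, it sits after whatever step fetched the secret, which is exactly the ordering the pre-job task cannot offer; deleting the keychain at the end of the job (`security delete-keychain`) keeps the identity from outliving the build.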

github-actions[bot] commented 1 year ago

This issue is stale because it has been open for 180 days with no activity. Remove the stale label or comment on the issue otherwise this will be closed in 5 days

toddwalstad-eaton commented 1 year ago

Keeping this alive as I am not seeing any progress toward a resolution.

github-actions[bot] commented 7 months ago

This issue is stale because it has been open for 180 days with no activity. Remove the stale label or comment on the issue otherwise this will be closed in 5 days

toddwalstad-eaton commented 7 months ago

Any chance this could be worked on?

github-actions[bot] commented 1 week ago

This issue is stale because it has been open for 180 days with no activity. Remove the stale label or comment on the issue otherwise this will be closed in 5 days