[REGRESSION]: AzureKeyVault@2 fails reading secrets from a variable group linked to a Key Vault on classic release pipeline

[Medfar-DavidFrancis]

New issue checklist

• [X] I searched for existing GitHub issues
• [X] I read pipeline troubleshooting guide
• [X] I checked how to collect logs

Task name

AzureKeyVault@2

Breaking task version

2.243.1

Issue persists on 2.243.2 and 2.243.3

Last working task version

2.243.0

Regression Description

Azure Key Vault task fails with "Right-hand side of 'instanceof' is not an object" when reading secrets from a linked variable group that is attached to a Key Vault.

Note related to the log below: the WARNING: can't open config file is present in the logs of previous successful runs.

Environment type (Please select at least one enviroment where you face this issue)

• [X] Self-Hosted
• [ ] Microsoft Hosted
• [ ] VMSS Pool
• [ ] Container

Azure DevOps Server type

dev.azure.com (formerly visualstudio.com)

Azure DevOps Server Version (if applicable)

No response

Operation system

Windows Server 2016 DataCenter

Relevant log output

2024-08-07T15:16:15.1870495Z ##[section]Starting: Download secrets: REDACTED_KEYVAULT_NAME
2024-08-07T15:16:15.2330898Z ==============================================================================
2024-08-07T15:16:15.2331351Z Task         : Azure Key Vault
2024-08-07T15:16:15.2332258Z Description  : Download Azure Key Vault secrets
2024-08-07T15:16:15.2332568Z Version      : 2.243.3
2024-08-07T15:16:15.2332890Z Author       : Microsoft Corporation
2024-08-07T15:16:15.2333326Z Help         : https://docs.microsoft.com/azure/devops/pipelines/tasks/deploy/azure-key-vault
2024-08-07T15:16:15.2333808Z ==============================================================================
2024-08-07T15:16:16.1918684Z SubscriptionId: REDACTED_SUBSCRIPTION_UUID.
2024-08-07T15:16:16.1920558Z Key vault name: REDACTED_KEYVAULT_NAME.
2024-08-07T15:16:16.1962826Z Downloading secret value for: REDACTED_SECRET_NAME_1.
2024-08-07T15:16:16.1972424Z Downloading secret value for: REDACTED_SECRET_NAME_2.
2024-08-07T15:16:16.2057353Z [command]C:\azagent\A1\_work\_tasks\AzureKeyVault_1e244d32-2dd4-4165-96fb-b7441ca9331e\2.243.3\node_modules\azure-pipelines-tasks-azure-arm-rest\openssl\openssl.exe x509 -sha1 -noout -in C:\azagent\A1\_work\_temp\spnCert.pem -fingerprint
2024-08-07T15:16:16.2708413Z WARNING: can't open config file: /usr/local/ssl/openssl.cnf
2024-08-07T15:16:16.2709114Z SHA1 Fingerprint=REDACTED_SHA_FINGERPRINT
2024-08-07T15:16:16.2772620Z [command]C:\azagent\A1\_work\_tasks\AzureKeyVault_1e244d32-2dd4-4165-96fb-b7441ca9331e\2.243.3\node_modules\azure-pipelines-tasks-azure-arm-rest\openssl\openssl.exe x509 -sha1 -noout -in C:\azagent\A1\_work\_temp\spnCert.pem -fingerprint
2024-08-07T15:16:16.3319090Z WARNING: can't open config file: /usr/local/ssl/openssl.cnf
2024-08-07T15:16:16.3319769Z SHA1 Fingerprint=REDACTED_SHA_FINGERPRINT
2024-08-07T15:16:16.3387049Z ##[error]
REDACTED_SECRET_NAME_1: "Right-hand side of 'instanceof' is not an object"
REDACTED_SECRET_NAME_2: "Right-hand side of 'instanceof' is not an object"
2024-08-07T15:16:16.3506877Z ##[section]Finishing: Download secrets: REDACTED_KEYVAULT_NAME

Full task logs with system.debug enabled

2024-08-09T13:50:25.2317832Z ##[debug]Evaluating condition for step: 'Download secrets: kv-name-redacted'
2024-08-09T13:50:25.2321129Z ##[debug]Evaluating: succeeded()
2024-08-09T13:50:25.2321937Z ##[debug]Evaluating succeeded:
2024-08-09T13:50:25.2323312Z ##[debug]=> True
2024-08-09T13:50:25.2324546Z ##[debug]Result: True
2024-08-09T13:50:25.2325869Z ##[section]Starting: Download secrets: kv-name-redacted
2024-08-09T13:50:25.2781685Z ==============================================================================
2024-08-09T13:50:25.2782129Z Task         : Azure Key Vault
2024-08-09T13:50:25.2782483Z Description  : Download Azure Key Vault secrets
2024-08-09T13:50:25.2782807Z Version      : 2.243.3
2024-08-09T13:50:25.2783700Z Author       : Microsoft Corporation
2024-08-09T13:50:25.2784154Z Help         : https://docs.microsoft.com/azure/devops/pipelines/tasks/deploy/azure-key-vault
2024-08-09T13:50:25.2784640Z ==============================================================================
2024-08-09T13:50:25.2905991Z ##[debug]Using node path: C:\azagent\A1\externals\node10\bin\node.exe
2024-08-09T13:50:25.6442536Z ##[debug]agent.TempDirectory=C:\azagent\A1\_work\_temp
2024-08-09T13:50:25.6495643Z ##[debug]loading inputs and endpoints
2024-08-09T13:50:25.6561901Z ##[debug]loading ENDPOINT_AUTH_f8ce6530-cb35-47f2-80e9-d108c504b084
2024-08-09T13:50:25.6591943Z ##[debug]loading ENDPOINT_AUTH_PARAMETER_f8ce6530-cb35-47f2-80e9-d108c504b084_AUTHENTICATIONTYPE
2024-08-09T13:50:25.6600197Z ##[debug]loading ENDPOINT_AUTH_PARAMETER_f8ce6530-cb35-47f2-80e9-d108c504b084_SERVICEPRINCIPALCERTIFICATE
2024-08-09T13:50:25.6601918Z ##[debug]loading ENDPOINT_AUTH_PARAMETER_f8ce6530-cb35-47f2-80e9-d108c504b084_SERVICEPRINCIPALID
2024-08-09T13:50:25.6603429Z ##[debug]loading ENDPOINT_AUTH_PARAMETER_f8ce6530-cb35-47f2-80e9-d108c504b084_TENANTID
2024-08-09T13:50:25.6606302Z ##[debug]loading ENDPOINT_AUTH_PARAMETER_SYSTEMVSSCONNECTION_ACCESSTOKEN
2024-08-09T13:50:25.6609411Z ##[debug]loading ENDPOINT_AUTH_SCHEME_f8ce6530-cb35-47f2-80e9-d108c504b084
2024-08-09T13:50:25.6613659Z ##[debug]loading ENDPOINT_AUTH_SCHEME_SYSTEMVSSCONNECTION
2024-08-09T13:50:25.6617863Z ##[debug]loading ENDPOINT_AUTH_SYSTEMVSSCONNECTION
2024-08-09T13:50:25.6621717Z ##[debug]loading INPUT_CONNECTEDSERVICENAME
2024-08-09T13:50:25.6625866Z ##[debug]loading INPUT_KEYVAULTNAME
2024-08-09T13:50:25.6628234Z ##[debug]loading INPUT_RUNASPREJOB
2024-08-09T13:50:25.6631188Z ##[debug]loading INPUT_SECRETSFILTER
2024-08-09T13:50:25.6649622Z ##[debug]loading SECRET_DATADOG_APIKEY
2024-08-09T13:50:25.6652713Z ##[debug]loading SECRET_DATADOG_APPKEY
2024-08-09T13:50:25.6659098Z ##[debug]loading SECRET_IISAPPPOOLPASSWORD
2024-08-09T13:50:25.6662308Z ##[debug]loading SECRET_MEDFAR:PHARMACY:TOKENKEY
2024-08-09T13:50:25.6666104Z ##[debug]loading SECRET_MEDFAR:PHARMACY:TWILIO:AUTHTOKEN
2024-08-09T13:50:25.6671112Z ##[debug]loading SECRET_MEDFAR:PORTAL:INTERFACES:MAILGUN:APIKEY
2024-08-09T13:50:25.6673406Z ##[debug]loading SECRET_MEDFAR:PORTAL:TOKEN:KEYS:SYMMETRIC
2024-08-09T13:50:25.6677411Z ##[debug]loading SECRET_MEDFAR:TWILIO:AUTHTOKEN
2024-08-09T13:50:25.6683460Z ##[debug]loading SECRET_RABBITMQADMINPASSWORD
2024-08-09T13:50:25.6696312Z ##[debug]loading SECRET_RABBITMQWEBPASSWORD
2024-08-09T13:50:25.6699646Z ##[debug]loading SECRET_RABBITMQWORKERPASSWORD
2024-08-09T13:50:25.6700637Z ##[debug]loading SECRET_SERVICEPASSWORD
2024-08-09T13:50:25.6706947Z ##[debug]loaded 25
2024-08-09T13:50:25.6717377Z ##[debug]Agent.ProxyUrl=undefined
2024-08-09T13:50:25.6718681Z ##[debug]Agent.CAInfo=undefined
2024-08-09T13:50:25.6719334Z ##[debug]Agent.ClientCert=undefined
2024-08-09T13:50:25.6720069Z ##[debug]Agent.SkipCertValidation=undefined
2024-08-09T13:50:25.7423131Z ##[debug]agent.proxyurl=undefined
2024-08-09T13:50:25.7424008Z ##[debug]VSTS_ARM_REST_IGNORE_SSL_ERRORS=undefined
2024-08-09T13:50:25.7424783Z ##[debug]AZURE_HTTP_USER_AGENT=VSTS_c6240da3-e74a-4a44-81bf-179928ae89d9_release_1_1540_5622_1
2024-08-09T13:50:26.1701010Z ##[debug]Using msalv1
2024-08-09T13:50:26.2318836Z ##[debug]check path : C:\azagent\A1\_work\_tasks\AzureKeyVault_1e244d32-2dd4-4165-96fb-b7441ca9331e\2.243.3\node_modules\azure-pipelines-tasks-azure-arm-rest\module.json
2024-08-09T13:50:26.2326872Z ##[debug]adding resource file: C:\azagent\A1\_work\_tasks\AzureKeyVault_1e244d32-2dd4-4165-96fb-b7441ca9331e\2.243.3\node_modules\azure-pipelines-tasks-azure-arm-rest\module.json
2024-08-09T13:50:26.2327902Z ##[debug]system.culture=en-US
2024-08-09T13:50:26.2367806Z ##[debug]Agent.TempDirectory=C:\azagent\A1\_work\_temp
2024-08-09T13:50:26.2394219Z ##[debug]Resource file has already set to: C:\azagent\A1\_work\_tasks\AzureKeyVault_1e244d32-2dd4-4165-96fb-b7441ca9331e\2.243.3\node_modules\azure-pipelines-tasks-azure-arm-rest\module.json
2024-08-09T13:50:26.2450700Z ##[debug]Resource file has already set to: C:\azagent\A1\_work\_tasks\AzureKeyVault_1e244d32-2dd4-4165-96fb-b7441ca9331e\2.243.3\node_modules\azure-pipelines-tasks-azure-arm-rest\module.json
2024-08-09T13:50:26.2452165Z ##[debug]Resource file has already set to: C:\azagent\A1\_work\_tasks\AzureKeyVault_1e244d32-2dd4-4165-96fb-b7441ca9331e\2.243.3\node_modules\azure-pipelines-tasks-azure-arm-rest\module.json
2024-08-09T13:50:26.2497229Z ##[debug]RunAsPreJob=false
2024-08-09T13:50:26.2500468Z ##[debug]Setting resource path to C:\azagent\A1\_work\_tasks\AzureKeyVault_1e244d32-2dd4-4165-96fb-b7441ca9331e\2.243.3\task.json
2024-08-09T13:50:26.2501629Z ##[debug]check path : C:\azagent\A1\_work\_tasks\AzureKeyVault_1e244d32-2dd4-4165-96fb-b7441ca9331e\2.243.3\task.json
2024-08-09T13:50:26.2502838Z ##[debug]adding resource file: C:\azagent\A1\_work\_tasks\AzureKeyVault_1e244d32-2dd4-4165-96fb-b7441ca9331e\2.243.3\task.json
2024-08-09T13:50:26.2503752Z ##[debug]system.culture=en-US
2024-08-09T13:50:26.2528482Z ##[debug]ConnectedServiceName=f8ce6530-cb35-47f2-80e9-d108c504b084
2024-08-09T13:50:26.2529415Z ##[debug]f8ce6530-cb35-47f2-80e9-d108c504b084 data SubscriptionId = subscription-id-redacted
2024-08-09T13:50:26.2530778Z ##[debug]KeyVaultName=kv-name-redacted
2024-08-09T13:50:26.2535059Z ##[debug]SecretsFilter=secret-1-name-redacted,secret-2-name-redacted
2024-08-09T13:50:26.2535947Z ##[debug]f8ce6530-cb35-47f2-80e9-d108c504b084 data AzureKeyVaultDnsSuffix = vault.azure.net
2024-08-09T13:50:26.2541104Z ##[debug]f8ce6530-cb35-47f2-80e9-d108c504b084 auth param serviceprincipalid = ***
2024-08-09T13:50:26.2543484Z ##[debug]f8ce6530-cb35-47f2-80e9-d108c504b084 auth scheme = ServicePrincipal
2024-08-09T13:50:26.2552285Z ##[debug]USE_MSAL=undefined
2024-08-09T13:50:26.2555433Z ##[debug]f8ce6530-cb35-47f2-80e9-d108c504b084 auth scheme = ServicePrincipal
2024-08-09T13:50:26.2557809Z ##[debug]f8ce6530-cb35-47f2-80e9-d108c504b084 data subscriptionid = subscription-id-redacted
2024-08-09T13:50:26.2558721Z ##[debug]f8ce6530-cb35-47f2-80e9-d108c504b084 data subscriptionname = Subscription Name
2024-08-09T13:50:26.2560391Z ##[debug]f8ce6530-cb35-47f2-80e9-d108c504b084 auth param serviceprincipalid = ***
2024-08-09T13:50:26.2561324Z ##[debug]f8ce6530-cb35-47f2-80e9-d108c504b084 data environmentAuthorityUrl = https://login.windows.net/
2024-08-09T13:50:26.2563506Z ##[debug]f8ce6530-cb35-47f2-80e9-d108c504b084 auth param tenantid = ***
2024-08-09T13:50:26.2564373Z ##[debug]f8ce6530-cb35-47f2-80e9-d108c504b084=https://management.azure.com/
2024-08-09T13:50:26.2565275Z ##[debug]f8ce6530-cb35-47f2-80e9-d108c504b084 data environment = AzureCloud
2024-08-09T13:50:26.2567790Z ##[debug]f8ce6530-cb35-47f2-80e9-d108c504b084 auth scheme = ServicePrincipal
2024-08-09T13:50:26.2568610Z ##[debug]f8ce6530-cb35-47f2-80e9-d108c504b084 data msiclientId = undefined
2024-08-09T13:50:26.2569532Z ##[debug]f8ce6530-cb35-47f2-80e9-d108c504b084 data activeDirectoryServiceEndpointResourceId = https://management.core.windows.net/
2024-08-09T13:50:26.2570555Z ##[debug]f8ce6530-cb35-47f2-80e9-d108c504b084 data AzureKeyVaultServiceEndpointResourceId = https://vault.azure.net
2024-08-09T13:50:26.2571480Z ##[debug]f8ce6530-cb35-47f2-80e9-d108c504b084 data AzureKeyVaultDnsSuffix = vault.azure.net
2024-08-09T13:50:26.2573938Z ##[debug]f8ce6530-cb35-47f2-80e9-d108c504b084 data ScopeLevel = Subscription
2024-08-09T13:50:26.2574725Z ##[debug]MSAL - getEndpoint - useGraphActiveDirectoryResource=false
2024-08-09T13:50:26.2575436Z ##[debug]MSAL - getEndpoint - useMSAL=false
2024-08-09T13:50:26.2578023Z ##[debug]MSAL - getEndpoint - endpoint={"subscriptionID":"subscription-id-redacted","subscriptionName":"Subscription Name","servicePrincipalClientID":"***","environmentAuthorityUrl":"https://login.windows.net/","tenantID":"***","url":"https://management.azure.com/","environment":"AzureCloud","scheme":"ServicePrincipal","activeDirectoryResourceID":"https://management.core.windows.net/","azureKeyVaultServiceEndpointResourceId":"https://vault.azure.net","azureKeyVaultDnsSuffix":"vault.azure.net","scopeLevel":"Subscription"}
2024-08-09T13:50:26.2583794Z ##[debug]MSAL - getEndpoint - connectedServiceName=f8ce6530-cb35-47f2-80e9-d108c504b084
2024-08-09T13:50:26.2584868Z ##[debug]f8ce6530-cb35-47f2-80e9-d108c504b084 auth param authenticationType = ***
2024-08-09T13:50:26.2585592Z ##[debug]certificate spn endpoint
2024-08-09T13:50:26.2597981Z ##[debug]f8ce6530-cb35-47f2-80e9-d108c504b084 auth param servicePrincipalCertificate = ***
2024-08-09T13:50:26.2599110Z ##[debug]f8ce6530-cb35-47f2-80e9-d108c504b084 data EnableAdfsAuthentication = false
2024-08-09T13:50:26.2605230Z ##[debug]f8ce6530-cb35-47f2-80e9-d108c504b084 auth param apitoken = undefined
2024-08-09T13:50:26.2618072Z ##[debug]{"subscriptionID":"subscription-id-redacted","subscriptionName":"Subscription Name","servicePrincipalClientID":"***","environmentAuthorityUrl":"https://login.windows.net/","tenantID":"***","url":"https://management.azure.com/","environment":"AzureCloud","scheme":"ServicePrincipal","activeDirectoryResourceID":"https://management.azure.com/","azureKeyVaultServiceEndpointResourceId":"https://vault.azure.net","azureKeyVaultDnsSuffix":"vault.azure.net","scopeLevel":"Subscription","authenticationType":"***","servicePrincipalCertificate":***,"servicePrincipalCertificatePath":"C:\\azagent\\A1\\_work\\_temp\\spnCert.pem","isADFSEnabled":false,"applicationTokenCredentials":{"connectedServiceName":"f8ce6530-cb35-47f2-80e9-d108c504b084","clientId":"***","tenantId":"***","baseUrl":"https://management.azure.com/","authorityUrl":"https://login.windows.net/","activeDirectoryResourceId":"https://management.azure.com/","isAzureStackEnvironment":false,"authType":"***","certFilePath":"C:\\azagent\\A1\\_work\\_temp\\spnCert.pem","isADFSEnabled":false,"useMSAL":false,"tokenMutex":{"_semaphore":{"_value":1,"_cancelError":{},"_weightedQueues":[],"_weightedWaiters":[]}}}}
2024-08-09T13:50:26.2636952Z SubscriptionId: subscription-id-redacted.
2024-08-09T13:50:26.2643323Z Key vault name: kv-name-redacted.
2024-08-09T13:50:26.2644897Z ##[debug]set SYSTEM_UNSAFEALLOWMULTILINESECRET=true
2024-08-09T13:50:26.2652073Z ##[debug]Processed: ##vso[task.setvariable variable=SYSTEM_UNSAFEALLOWMULTILINESECRET;isOutput=false;issecret=false;]true
2024-08-09T13:50:26.2653819Z ##[debug]Downloading selected secrets from subscriptionId: subscription-id-redacted, vault: kv-name-redacted
2024-08-09T13:50:26.2657044Z ##[debug]Downloading part [0 - 2] (total 2 secrets)
2024-08-09T13:50:26.2658150Z ##[debug]Promise for downloading secret value for: secret-1-name-redacted
2024-08-09T13:50:26.2664824Z Downloading secret value for: secret-1-name-redacted.
2024-08-09T13:50:26.2686737Z ##[debug]Promise for downloading secret value for: secret-2-name-redacted
2024-08-09T13:50:26.2687775Z Downloading secret value for: secret-2-name-redacted.
2024-08-09T13:50:26.2711182Z ##[debug]which 'C:\azagent\A1\_work\_tasks\AzureKeyVault_1e244d32-2dd4-4165-96fb-b7441ca9331e\2.243.3\node_modules\azure-pipelines-tasks-azure-arm-rest\openssl\openssl'
2024-08-09T13:50:26.2758737Z ##[debug]found: 'C:\azagent\A1\_work\_tasks\AzureKeyVault_1e244d32-2dd4-4165-96fb-b7441ca9331e\2.243.3\node_modules\azure-pipelines-tasks-azure-arm-rest\openssl\openssl.exe'
2024-08-09T13:50:26.2760656Z ##[debug]which 'C:\azagent\A1\_work\_tasks\AzureKeyVault_1e244d32-2dd4-4165-96fb-b7441ca9331e\2.243.3\node_modules\azure-pipelines-tasks-azure-arm-rest\openssl\openssl.exe'
2024-08-09T13:50:26.2766572Z ##[debug]found: 'C:\azagent\A1\_work\_tasks\AzureKeyVault_1e244d32-2dd4-4165-96fb-b7441ca9331e\2.243.3\node_modules\azure-pipelines-tasks-azure-arm-rest\openssl\openssl.exe'
2024-08-09T13:50:26.2770087Z ##[debug]C:\azagent\A1\_work\_tasks\AzureKeyVault_1e244d32-2dd4-4165-96fb-b7441ca9331e\2.243.3\node_modules\azure-pipelines-tasks-azure-arm-rest\openssl\openssl.exe arg: ["x509","-sha1","-noout","-in","C:\\azagent\\A1\\_work\\_temp\\spnCert.pem","-fingerprint"]
2024-08-09T13:50:26.2772206Z ##[debug]C:\azagent\A1\_work\_tasks\AzureKeyVault_1e244d32-2dd4-4165-96fb-b7441ca9331e\2.243.3\node_modules\azure-pipelines-tasks-azure-arm-rest\openssl\openssl.exe arg: ["x509","-sha1","-noout","-in","C:\\azagent\\A1\\_work\\_temp\\spnCert.pem","-fingerprint"]
2024-08-09T13:50:26.2774391Z ##[debug]exec tool: C:\azagent\A1\_work\_tasks\AzureKeyVault_1e244d32-2dd4-4165-96fb-b7441ca9331e\2.243.3\node_modules\azure-pipelines-tasks-azure-arm-rest\openssl\openssl.exe
2024-08-09T13:50:26.2775616Z ##[debug]exec tool: C:\azagent\A1\_work\_tasks\AzureKeyVault_1e244d32-2dd4-4165-96fb-b7441ca9331e\2.243.3\node_modules\azure-pipelines-tasks-azure-arm-rest\openssl\openssl.exe
2024-08-09T13:50:26.2776468Z ##[debug]arguments:
2024-08-09T13:50:26.2777062Z ##[debug]arguments:
2024-08-09T13:50:26.2777618Z ##[debug]   x509
2024-08-09T13:50:26.2778234Z ##[debug]   x509
2024-08-09T13:50:26.2778789Z ##[debug]   -sha1
2024-08-09T13:50:26.2779377Z ##[debug]   -sha1
2024-08-09T13:50:26.2780453Z ##[debug]   -noout
2024-08-09T13:50:26.2781782Z ##[debug]   -noout
2024-08-09T13:50:26.2782870Z ##[debug]   -in
2024-08-09T13:50:26.2783420Z ##[debug]   -in
2024-08-09T13:50:26.2784065Z ##[debug]   C:\azagent\A1\_work\_temp\spnCert.pem
2024-08-09T13:50:26.2784751Z ##[debug]   C:\azagent\A1\_work\_temp\spnCert.pem
2024-08-09T13:50:26.2785380Z ##[debug]   -fingerprint
2024-08-09T13:50:26.2785961Z ##[debug]   -fingerprint
2024-08-09T13:50:26.2787306Z [command]C:\azagent\A1\_work\_tasks\AzureKeyVault_1e244d32-2dd4-4165-96fb-b7441ca9331e\2.243.3\node_modules\azure-pipelines-tasks-azure-arm-rest\openssl\openssl.exe x509 -sha1 -noout -in C:\azagent\A1\_work\_temp\spnCert.pem -fingerprint
2024-08-09T13:50:26.3462958Z WARNING: can't open config file: /usr/local/ssl/openssl.cnf
2024-08-09T13:50:26.3463696Z SHA1 Fingerprint=89:56:DB:B5:4A:44:55:2B:47:5C:C2:A4:8D:2D:88:74:B6:6F:DC:E4
2024-08-09T13:50:26.3464668Z ##[debug]FINGERPRINT CREATION SUCCESSFUL
2024-08-09T13:50:26.3504143Z ##[debug]which 'C:\azagent\A1\_work\_tasks\AzureKeyVault_1e244d32-2dd4-4165-96fb-b7441ca9331e\2.243.3\node_modules\azure-pipelines-tasks-azure-arm-rest\openssl\openssl'
2024-08-09T13:50:26.3510586Z ##[debug]found: 'C:\azagent\A1\_work\_tasks\AzureKeyVault_1e244d32-2dd4-4165-96fb-b7441ca9331e\2.243.3\node_modules\azure-pipelines-tasks-azure-arm-rest\openssl\openssl.exe'
2024-08-09T13:50:26.3511841Z ##[debug]which 'C:\azagent\A1\_work\_tasks\AzureKeyVault_1e244d32-2dd4-4165-96fb-b7441ca9331e\2.243.3\node_modules\azure-pipelines-tasks-azure-arm-rest\openssl\openssl.exe'
2024-08-09T13:50:26.3513100Z ##[debug]found: 'C:\azagent\A1\_work\_tasks\AzureKeyVault_1e244d32-2dd4-4165-96fb-b7441ca9331e\2.243.3\node_modules\azure-pipelines-tasks-azure-arm-rest\openssl\openssl.exe'
2024-08-09T13:50:26.3514454Z ##[debug]C:\azagent\A1\_work\_tasks\AzureKeyVault_1e244d32-2dd4-4165-96fb-b7441ca9331e\2.243.3\node_modules\azure-pipelines-tasks-azure-arm-rest\openssl\openssl.exe arg: ["x509","-sha1","-noout","-in","C:\\azagent\\A1\\_work\\_temp\\spnCert.pem","-fingerprint"]
2024-08-09T13:50:26.3516051Z ##[debug]C:\azagent\A1\_work\_tasks\AzureKeyVault_1e244d32-2dd4-4165-96fb-b7441ca9331e\2.243.3\node_modules\azure-pipelines-tasks-azure-arm-rest\openssl\openssl.exe arg: ["x509","-sha1","-noout","-in","C:\\azagent\\A1\\_work\\_temp\\spnCert.pem","-fingerprint"]
2024-08-09T13:50:26.3517919Z ##[debug]exec tool: C:\azagent\A1\_work\_tasks\AzureKeyVault_1e244d32-2dd4-4165-96fb-b7441ca9331e\2.243.3\node_modules\azure-pipelines-tasks-azure-arm-rest\openssl\openssl.exe
2024-08-09T13:50:26.3519061Z ##[debug]exec tool: C:\azagent\A1\_work\_tasks\AzureKeyVault_1e244d32-2dd4-4165-96fb-b7441ca9331e\2.243.3\node_modules\azure-pipelines-tasks-azure-arm-rest\openssl\openssl.exe
2024-08-09T13:50:26.3519897Z ##[debug]arguments:
2024-08-09T13:50:26.3520480Z ##[debug]arguments:
2024-08-09T13:50:26.3521033Z ##[debug]   x509
2024-08-09T13:50:26.3521595Z ##[debug]   x509
2024-08-09T13:50:26.3522151Z ##[debug]   -sha1
2024-08-09T13:50:26.3522705Z ##[debug]   -sha1
2024-08-09T13:50:26.3523263Z ##[debug]   -noout
2024-08-09T13:50:26.3523819Z ##[debug]   -noout
2024-08-09T13:50:26.3524399Z ##[debug]   -in
2024-08-09T13:50:26.3524931Z ##[debug]   -in
2024-08-09T13:50:26.3525554Z ##[debug]   C:\azagent\A1\_work\_temp\spnCert.pem
2024-08-09T13:50:26.3526235Z ##[debug]   C:\azagent\A1\_work\_temp\spnCert.pem
2024-08-09T13:50:26.3526863Z ##[debug]   -fingerprint
2024-08-09T13:50:26.3527442Z ##[debug]   -fingerprint
2024-08-09T13:50:26.3528366Z [command]C:\azagent\A1\_work\_tasks\AzureKeyVault_1e244d32-2dd4-4165-96fb-b7441ca9331e\2.243.3\node_modules\azure-pipelines-tasks-azure-arm-rest\openssl\openssl.exe x509 -sha1 -noout -in C:\azagent\A1\_work\_temp\spnCert.pem -fingerprint
2024-08-09T13:50:26.4091710Z WARNING: can't open config file: /usr/local/ssl/openssl.cnf
2024-08-09T13:50:26.4092444Z SHA1 Fingerprint=89:56:DB:B5:4A:44:55:2B:47:5C:C2:A4:8D:2D:88:74:B6:6F:DC:E4
2024-08-09T13:50:26.4093765Z ##[debug]FINGERPRINT CREATION SUCCESSFUL
2024-08-09T13:50:26.4111193Z ##[debug]{}
2024-08-09T13:50:26.4114250Z ##[debug]{}
2024-08-09T13:50:26.4116652Z ##[debug]Downloaded part [0 - 2] (took 147 ms) (total 2 secrets)
2024-08-09T13:50:26.4120801Z ##[debug]task result: Failed
2024-08-09T13:50:26.4165046Z ##[error]
secret-1-name-redacted: "Right-hand side of 'instanceof' is not an object"
secret-2-name-redacted: "Right-hand side of 'instanceof' is not an object"
2024-08-09T13:50:26.4177734Z ##[debug]Processed: ##vso[task.issue type=error;source=TaskInternal;]%0Asecret-1-name-redacted: "Right-hand side of 'instanceof' is not an object"%0Asecret-2-name-redacted: "Right-hand side of 'instanceof' is not an object"
2024-08-09T13:50:26.4182648Z ##[debug]Processed: ##vso[task.complete result=Failed;]%0Asecret-1-name-redacted: "Right-hand side of 'instanceof' is not an object"%0Asecret-2-name-redacted: "Right-hand side of 'instanceof' is not an object"
2024-08-09T13:50:26.4313116Z ##[section]Finishing: Download secrets: kv-name-redacted

Repro steps

1. In Azure DevOps, create a new Variable Group
2. Link the variable group to a Key Vault
3. Add one or more secrets from the vault to the variable group
4. Save the variable group
5. Edit a classic release pipeline
6. Link the variable group to the pipeline 
7. Save the pipeline
8. Create a release

### Workaround
1. Stop the Azure DevOps agent on the affected server(s)
2. Delete the `2.243.1` (or greater) folder in `%agentPath%\_work\_tasks\AzureKeyVault_1e244d32-2dd4-4165-96fb-b7441ca9331e`
3. Copy the `2.243.0` folder to replace the deleted folder
4. Start the Azure DevOps agent

[v-bsanthanak]

@Medfar-DavidFrancis please share the complete debug logs by setting system.debug= true

[Medfar-DavidFrancis]

Added! Didn't see the option and forgot about the debug variable.

Thanks!

[v-schhabra]

@Medfar-DavidFrancis Please use the latest version of agent and let us know if still the issue persists?

[Medfar-DavidFrancis]

That worked. Thanks