问题描述
我正在尝试从Powershell管道脚本读取Azure DevOps机密变量.在Azure中,变量看起来像这样:
I am attempting to read an Azure DevOps secret variable from a Powershell pipeline script. The variable looks like this within Azure:
我试图同时使用param
(例如
[CmdletBinding()]
Param (
$SecurePassword = $env:Password
)
并简单地作为环境变量,例如
and simply as an environment variable such as
$SecurePassword = $env:Password
不幸的是,使用任何一种方法,变量都继续显示为空.
Unfortunately the variable continues to appear null using either method.
访问非秘密变量没有问题.任何帮助将不胜感激.
I have no issue accessing non-secret variables. Any help would be greatly appreciated.
---------------------------------------- 编辑 ----------------------------------------
---------------------------------------- EDIT ----------------------------------------
我找到了文档此处指出,如果在任务的环境"部分中明确映射了秘密,则管道中的脚本可以使用这些秘密.
I found documentation here stating that secrets are available to scripts within the pipeline if explicitly mapped in the environment section of the task.
我已经更新了Powershell任务,并尝试将变量同时映射为$(Password)
和Password
,但没有任何运气.
I've updated my Powershell task and attempted to map the variable as both $(Password)
and Password
without any luck.
如上所述,映射$(Password)
会显示隐藏在星号后面的字符串.
Mapping $(Password)
as above reveals the string hidden behind asterisks.
推荐答案
我们需要在Azure DevOps中创建一个新项目,并且需要将所有管道迁移到新项目.瞧,没人知道所有的秘密,而导出/导入并不能做到这一点.
We had a requirement to create a new project in Azure DevOps and needed to migrate all of the pipelines to the new project. Lo and behold, no one knew all of the secrets, and export / import doesn't accomplish this.
我编写了一个脚本,将所有环境变量输出到构建摘要旁边的扩展"选项卡中.它已经格式化,并且所有内容.
I wrote a script to output all environment variables into an "Extensions" tab next to the build summary. It's formatted and everything.
输出密码的关键是通过在密码值中插入'< -eliminate->'短语并保存到文件来更改字符串.创建文件后,我们将删除字符串'< -eliminate->'的所有实例,保存文件,然后将其作为构建摘要的扩展页放置.
The key to outputting the secret is by altering the string by inserting the '<-eliminate->' phrase within the secret value and saving to a file. Once the file is created, we then remove all instances of the string '<-eliminate->', save the file, and there it sits as an extension page to the build summary.
我想以某种方式动态地找到所有机密,但是现在手动定义变量名可以解决问题.
I would like to somehow find All secrets dynamically, but for now manually defining the variable name does the trick.
我对此帖子进行了重新格式化,并删除了专有信息,如果它损坏了,请让我知道:)
I re-formatted for this post and removed proprietary info, please let me know if it's broken :)
function GetSecretLength ($secretVar){
$i = 0;
while($true){
try {
$secretVar.substring(0,$i)|out-null
} catch {
break
};
$i++;
}
if ($i -le 1) { return 1 }
else { return $i-1 };
}
function GetSecret($secret){
$length = GetSecretLength($secret);
if ($length -ge 2) {
return $secret.substring(0,$length-1 )+"<-eliminate->"+$secret.substring($length-1,1)
} elseif ($length -eq 1) {
return $secret+"<-eliminate->"
} else {
return ""
}
}
$var = (gci env:*).GetEnumerator() | Sort-Object Name
$out = ""
Foreach ($v in $var) { $out = $out + "`t{0,-28} = {1,-28}`n" -f $v.Name, (GetSecret($v.Value)) }
$fileName = "$env:BUILD_ARTIFACTSTAGINGDIRECTORY\build-variables.md"
write-output "dump variables on $fileName"
set-content $fileName $out
write-output "##vso[task.addattachment type=Distributedtask.Core.Summary;name=Environment Variables;]$fileName"
((Get-Content -path $fileName -Raw) -replace '<-eliminate->', '') | Set-Content -Path $fileName
您必须将所需的秘密变量添加到Powershell任务的环境变量"中:
You have to add the secret variables that you want into the "Environment Variables" of the Powershell task:
您最终得到了一个漂亮的标签:
You end up with this pretty tab:
这篇关于Powershell访问Azure DevOps秘密变量的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!