本文介绍了Powershell访问Azure DevOps秘密变量的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我正在尝试从Powershell管道脚本读取Azure DevOps机密变量.在Azure中,变量看起来像这样:

I am attempting to read an Azure DevOps secret variable from a Powershell pipeline script. The variable looks like this within Azure:

我试图同时使用param(例如

[CmdletBinding()]
Param (
    $SecurePassword = $env:Password
)

并简单地作为环境变量,例如

and simply as an environment variable such as

$SecurePassword = $env:Password

不幸的是,使用任何一种方法,变量都继续显示为空.

Unfortunately the variable continues to appear null using either method.

访问非秘密变量没有问题.任何帮助将不胜感激.

I have no issue accessing non-secret variables. Any help would be greatly appreciated.

---------------------------------------- 编辑 ----------------------------------------

---------------------------------------- EDIT ----------------------------------------

我找到了文档此处指出,如果在任务的环境"部分中明确映射了秘密,则管道中的脚本可以使用这些秘密.

I found documentation here stating that secrets are available to scripts within the pipeline if explicitly mapped in the environment section of the task.

我已经更新了Powershell任务,并尝试将变量同时映射为$(Password)Password,但没有任何运气.

I've updated my Powershell task and attempted to map the variable as both $(Password) and Password without any luck.

如上所述,映射$(Password)会显示隐藏在星号后面的字符串.

Mapping $(Password) as above reveals the string hidden behind asterisks.

推荐答案

我们需要在Azure DevOps中创建一个新项目,并且需要将所有管道迁移到新项目.瞧,没人知道所有的秘密,而导出/导入并不能做到这一点.

We had a requirement to create a new project in Azure DevOps and needed to migrate all of the pipelines to the new project. Lo and behold, no one knew all of the secrets, and export / import doesn't accomplish this.

我编写了一个脚本,将所有环境变量输出到构建摘要旁边的扩展"选项卡中.它已经格式化,并且所有内容.

I wrote a script to output all environment variables into an "Extensions" tab next to the build summary. It's formatted and everything.

输出密码的关键是通过在密码值中插入'< -eliminate->'短语并保存到文件来更改字符串.创建文件后,我们将删除字符串'< -eliminate->'的所有实例,保存文件,然后将其作为构建摘要的扩展页放置.

The key to outputting the secret is by altering the string by inserting the '<-eliminate->' phrase within the secret value and saving to a file. Once the file is created, we then remove all instances of the string '<-eliminate->', save the file, and there it sits as an extension page to the build summary.

我想以某种方式动态地找到所有机密,但是现在手动定义变量名可以解决问题.

I would like to somehow find All secrets dynamically, but for now manually defining the variable name does the trick.

我对此帖子进行了重新格式化,并删除了专有信息,如果它损坏了,请让我知道:)

I re-formatted for this post and removed proprietary info, please let me know if it's broken :)

function GetSecretLength ($secretVar){
     $i = 0;
     while($true){
          try {
               $secretVar.substring(0,$i)|out-null
          } catch {
               break
          };
          $i++;
     }
     if ($i -le 1) { return 1 }
     else { return $i-1 };
}
function GetSecret($secret){
     $length = GetSecretLength($secret);
     if ($length -ge 2) {
        return $secret.substring(0,$length-1 )+"<-eliminate->"+$secret.substring($length-1,1)
    } elseif ($length -eq 1) {
        return $secret+"<-eliminate->"
    } else {
        return ""
    }
}

$var = (gci env:*).GetEnumerator() | Sort-Object Name
$out = ""

Foreach ($v in $var) { $out = $out + "`t{0,-28} = {1,-28}`n" -f $v.Name, (GetSecret($v.Value)) }

$fileName = "$env:BUILD_ARTIFACTSTAGINGDIRECTORY\build-variables.md"
write-output "dump variables on $fileName"
set-content $fileName $out

write-output "##vso[task.addattachment type=Distributedtask.Core.Summary;name=Environment Variables;]$fileName"

((Get-Content -path $fileName -Raw) -replace '<-eliminate->', '') | Set-Content -Path $fileName

您必须将所需的秘密变量添加到Powershell任务的环境变量"中:

You have to add the secret variables that you want into the "Environment Variables" of the Powershell task:

您最终得到了一个漂亮的标签:

You end up with this pretty tab:

这篇关于Powershell访问Azure DevOps秘密变量的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

08-23 20:24