11

I have added secret variable called Password in my build definition as shown in this image:

TFS Build Variables

I want to pass the Password to the PowerShell script in one of my build steps as shown in this image:

Build Step

My PowerShell script looks like this

 Param
(
    [Parameter(Mandatory=$true)]
    [string]$UserName,
    [Parameter(Mandatory=$true)]
    [string]$Password
)

$appPool = New-WebAppPool -Name "test"
$appPool.processModel.userName = $userName
$appPool.processModel.password = $password
$appPool.processModel.identityType = "SpecificUser"
$appPool | Set-Item

But it looks like the type of the Password is not a string. I tried PSCredential but didn't work. Can somebody help me? How do I pass the password from build step to the PowerShell script and the type of the secure variable? I can't read the environment variable directly because I am running the PowerShell script on a target machine. So only option is to pass Password to the script as input.

David Rawson
  • 20,912
  • 7
  • 88
  • 124
Sunil Buddala
  • 1,123
  • 1
  • 10
  • 22
  • try `$appPool.processModel.password = (ConvertTo-SecureString -Force -AsPlainText $password)` – 4c74356b41 Mar 16 '17 at 04:43
  • Secret variables are decrypted for access by your build steps. So you can use them in password arguments. Do you get any error during build? I've tested your script, no issue occurred. – Cece Dong - MSFT Mar 16 '17 at 08:44
  • But this statement doesn't work. $appPool.processModel.password = (ConvertTo-SecureString -Force -AsPlainText $password). The value of it is System.Security.SecureString but not the actual password. So the apppool is not set the right password. It doesn't know how to decrypt it. – Sunil Buddala Mar 16 '17 at 21:13

1 Answers1

13

Finally I managed to solve it.

I have put double quotes around my Password when sending it via the powershell script arguments. Boom!! it started working. It sends the decrypted password.

-UserName $(Username) -Password "$(Password)"

My power shell script stays the same as above. 

 Param
(
    [Parameter(Mandatory=$true)]
    [string]$UserName,
    [Parameter(Mandatory=$true)]
    [string]$Password
)

$appPool = New-WebAppPool -Name "test"
$appPool.processModel.userName = $userName
$appPool.processModel.password = $password
$appPool.processModel.identityType = "SpecificUser"
$appPool | Set-Item
Sunil Buddala
  • 1,123
  • 1
  • 10
  • 22
  • "" didn't change anything for me. In TFS 2018 it seems to work with or without "" the same way. I still wonder why I can't use "[SecureString]$Password" in the param part. – tomwaitforitmy Feb 22 '21 at 18:21