1

Hello Stackoverflowers,

I have been playing lately alot with the CI-CD on VSTS with GIT. I have a set of Build tasks which refer to secure files. I use the „Download Secure File“ task to access these files at build time. However, I was wondering if there is a way to commit these files or at least automatically update them from my dev environment. For now, these files need to be uploaded manually, which is wrong. Thanks

candidson
  • 516
  • 3
  • 18

2 Answers2

1

For now, there is no way to update secure files automatically. You need to upload the secure files manually.

While when uploading a secure file name which already exists, you need to deleted the existing one and add the new one with the same name.

And there has the user voice Allow us to update an existing Secure File instead of having to delete and re-upload which suggests this feature, you can vote and follow up.

Marina Liu
  • 36,876
  • 5
  • 61
  • 74
  • Thank you for your answer. However, I am not sure if we are talking about the same thing. I was talking about the "secure files": https://learn.microsoft.com/en-us/vsts/build-release/concepts/library/secure-files. I have tried what you recommended, but it didnt work – candidson Feb 18 '18 at 17:57
  • Since the security files are located in `$(Agent.WorkFolder)\_temp` directory, you should move the security files into `$(Build.SourcesDirectory)` firstly, and then commit the files into git repo. – Marina Liu Feb 19 '18 at 01:25
  • Wouldn't mean then that I would loose the security features behind the whole concept? It would mean, that anyone with access to the repository would for example easily have access to those files.. It would also mean that the whole encryption-at-rest concept would be lost, right? – candidson Feb 19 '18 at 09:09
  • Yes, for the users who have permission to access the git repo or the branch, they can see the security files. Do you also meet the same issue when commit and push manually? And the workaround is commit and push the security files to a certain branch which only certains users have permission to view the branch. – Marina Liu Feb 19 '18 at 15:02
  • @COR If you only want the secure files located in library (not commit into repo), there is no way to update the secure files automatically in Library, I updated my answer, you can find more details in it. – Marina Liu Feb 23 '18 at 03:10
  • @ Marina Liu - MSFT Thanks for your answer. I guess I am stuck with manual upload for now. Is that on the MSFT roadmap though? – candidson Feb 23 '18 at 07:54
  • @COR Not for now, our backlog of works are related with the feature voted counts in user voice, you can vote there. – Marina Liu Feb 23 '18 at 07:58
1

You can use API to delete and upload secure file in library.

For secure file delete use PUT API
https://dev.azure.com/{organization}/{project}/_apis/distributedtask/securefiles/{secureFileID}?api-version=5.0-preview.1

And for secure file upload use POST API https://dev.azure.com/{organization}/{project}/_apis/distributedtask/securefiles?name={fileName}&api-version=5.0-preview.1

Content-Type=application/octet-stream

bot
  • 83
  • 4
  • 11
  • I am getting an error when using PUT to delete. "The requested resource does not support https method 'PUT'." – spentag Aug 23 '21 at 22:53
  • 1
    @spentag to delete the file use the DELETE http method. You'll also need to make a GET request to get the secureFileId – Nick Graham Jan 16 '22 at 17:14