7

In the VSTS build, I set various variables (Edit build -> Variables tab), some I set as secret (click the lock), some I don't.

In the build, I run a command prompt task to run set -- e.g. show me all the environment variables. Those marked as secret aren't present.

How do I get VSTS secrets into environment variables?

robrich
  • 13,017
  • 7
  • 36
  • 63
  • Possible duplicate of [How to add secret variable as task environment variable in VSTS](https://stackoverflow.com/questions/44037493/how-to-add-secret-variable-as-task-environment-variable-in-vsts) – Richard II May 16 '18 at 15:25
  • And my answer can be found on that question: https://stackoverflow.com/a/50374601/1633949 – Richard II May 16 '18 at 15:33

1 Answers1

11

Secret variables are:

  • Encrypted at rest with a 2048-bit RSA key.
  • Not returned back to the client. They are automatically masked out of any log output from the build or release.
  • Not decrypted into environment variables. So scripts and programs run by your build steps are not given access by default.
  • Decrypted for access by your build steps. So you can use them in password arguments and also pass them explicitly into a script or a program from your build step (for example as $(password)).

So, Secure variables need to be passed in to tasks as inputs. Check this case: How to add secret variable as task environment variable in VSTS

Cece Dong - MSFT
  • 29,631
  • 1
  • 24
  • 39
  • So my task would need to take `%SECURE%` in as an arg, then within the task `set SECURE=%SECURE%` to re-form it as an env var? (I'm trying to pass secure configs into `dotnet test`. Arguments of mocking these details aside.) – robrich May 02 '18 at 17:39
  • 3
    Is there any way to enumerate them and update VSTS step as the pipeline is being executed? this works okay when you have 1 or 2 variables, but managing 20 becomes ridiculously tedious – zaitsman Aug 21 '18 at 04:57