How to use secret task variables with npm tasks

Question

I've defined Variable Group which downloads secrets from Key Vault.
Looks like that unlike other variables, secrets aren't set automatically as environment variables.
I've tried using a bash script to take those 'task variables' and set them as environment variables but they were gone by the next task:

export ENV1=$(someSecretTaskVariable)

I'm using npm task which can't be provided with environment variables via the UI and the yaml is read only.

How should this be done?

4c74356b41 · Answer 1 · 2019-07-10T15:09:55.040

1

~~I dont think you can do this via UI~~, but via yaml you would do this:

- task: xxx
  env:
    ENV1=$(someSecretTaskVariable)

apparently you can do this:

Unlike a normal variable, they are not automatically decrypted into environment variables for scripts. You can explicitly map them in, though.

To pass a secret to a script, use the Environment section of the scripting task's input variables.

seems like with UI you can only do this with scripting tasks

https://learn.microsoft.com/en-us/azure/devops/pipelines/process/variables?view=azure-devops&tabs=classic%2Cbatch#secret-variables

edited Jul 10 '19 at 15:09

answered Jul 10 '19 at 15:00

4c74356b41

69,186
6
100
141

How can I edit the `yaml`? I see only 'View YAML' button which only shows the yaml with no ability to edit it – SagiLow Jul 10 '19 at 15:06
you need to create a pipeline as a yaml pipeline, not visual pipeline – 4c74356b41 Jul 10 '19 at 15:10
unfortunately `npm` task doesn't have Environment section, so I guess that leaves us with yaml pipeline, that's too bad :( – SagiLow Jul 10 '19 at 15:29
yaml is really much better when you get used to it – 4c74356b41 Jul 10 '19 at 15:32
this pipeline will be shared with other people as well, I prefer to stick with the known rather than getting everybody to know a new format – SagiLow Jul 10 '19 at 15:45
well, thats why we are not using clubs and stone axes there days. – 4c74356b41 Jul 10 '19 at 15:52
That's the first feature missing from the 'UI' vs the yaml, I'm not sure your comparison is relevant here,, – SagiLow Jul 10 '19 at 20:33
its not only about features missing, its about scalability\control\reuse\etc – 4c74356b41 Jul 10 '19 at 20:41

score 1 · Accepted Answer · answered Jul 10 '19 at 23:25

1

If you want to create an environment variable that is passed to subsequent Azure DevOps tasks, maybe try this :

echo '##vso[task.setvariable variable=ENV1]$(someSecretTaskVariable)'

instead of export ENV1=$(someSecretTaskVariable)

Set variables in scripts

answered Jul 10 '19 at 23:25

Sebastien GISSINGER

656
7
18

Not the best experience but will definitely do the trick in this case. thanks! – SagiLow Jul 11 '19 at 14:42

How to use secret task variables with npm tasks

2 Answers2