Variable inside variable Azure Pipelines

Question

I have an issue using Azure Vault to store my secrets and .properties file to store the secret name (so it is not hardcoded in the pipeline) and access it later from the Azure DevOps Pipeline: .properties file:

...
SERVER_ADMIN_SECRET_NAME=server-password-test
...

I am using template pipeline which reads the file and exports all key=values as $(property) with corresponding value as a global property (##vso[task.setvariable variable=$KEY]$VAL).

When I call Azure Key Vault, it returns the key name and export variable $(server-password-test) so it can be used later. However, I am unable to access it, because the variable name is the value of another variable $(SERVER_ADMIN_SECRET_NAME). The solution should be using a variable inside variable $($(SERVER_ADMIN_SECRET_NAME)), but this does not work in Azure Pipelines.

My pipeline looks like this:

...
- template: read_properties.yml
  parameters:
    file: config.properties

- task: AzureKeyVault@1
  inputs:
    azureSubscription: 'vault-service-connection'
    KeyVaultName: 'test-playground'
    SecretsFilter: '$(SERVER_ADMIN_SECRET_NAME)'

# TODO : How to fix this??
- task: CmdLine@2
  inputs:
    script: |
      echo $($(SERVER_ADMIN_SECRET_NAME))
...

Diagram:

score 8 · Accepted Answer · answered Feb 27 '20 at 09:50

8

For this issue , the value of nested variables (like $($(SERVER_ADMIN_SECRET_NAME))) are not yet supported in the pipelines. You can refer to this case to see this point.

The workaround I can think of is adding the Variable Toolbox task to the top of your build steps.

In this task you can set nested variable value for variable.

You can refer to this case for this task.

answered Feb 27 '20 at 09:50

Hugh Lin

17,829
2
21
25

Worked like a charm this task: jessehouwing.jessehouwing-vsts-variable-tasks.vsts-variable-set.VariableSetTask@1 – Shrikant Prabhu Apr 02 '21 at 20:47

HeyMan · Answer 2 · 2021-10-04T17:05:24.703

2

This works for me, see the last line for the clue:

variables:
  azureSubscription: 'my-subscription'
  azureKeyVault: 'my-keyvault'
  testkv: $(SERVER_ADMIN_SECRET_NAME)

jobs:

- job: TestKeyVault
  displayName: Key Vault access
  continueOnError: true
  steps:
  - task: AzureKeyVault@1
    inputs:
      azureSubscription: ${{ variables.azureSubscription }}
      KeyVaultName: ${{ variables.azureKeyVault }}
      SecretsFilter: ${{ variables.testkv }}
      RunAsPreJob: true

  - task: CmdLine@2
    inputs:
      script: 'echo $(${{ variables.testkv }}) > secret.txt'

edited Oct 04 '21 at 17:05

answered Oct 04 '21 at 16:15

HeyMan

1,529
18
32

doesn't work for me, in the file ends literally this test: $(SERVER_ADMIN_SECRET_NAME) – David B. Feb 12 '22 at 18:40

score 1 · Answer 3 · edited Jun 26 '23 at 00:47

1

Based on the response from @HeyMan. The following works for me

Write-Output "Value: $(SOME-String${{parameters.this}}-${{variables.that}})";

edited Jun 26 '23 at 00:47

Community

1
1

answered Jun 21 '23 at 23:12

dagra

589
4
20

Variable inside variable Azure Pipelines

3 Answers3