0
  enviornment: 'dev'
  acr-login: $(enviornment)-acr-login
  acr-secret: $(enviornment)-acr-secret

dev-acr-login and dev-acr-secret are secrets stored in keyvault for acr login and acr secret.

In Pipeline, getting secrets with this task

      - task: AzureKeyVault@1
        inputs:
          azureSubscription: $(connection)
          KeyVaultName: $(keyVaultName)
          SecretsFilter: '*'

This task will create task variables with name 'dev-acr-login' and 'dev-acr-secret'

Not if I want to login in docker I am not able to do that

Following code works and I am able to login into acr.

      - bash: |
          echo $(dev-acr-secret) | docker login \
              $(acrName) \
              -u $(dev-acr-login) \
              --password-stdin
        displayName: 'docker login'

Following doesnot work. Is there a way that I can use variable names $(acr-login) and $(acr-secret) rather than actual keys from keyvault? 

      - bash: |
          echo $(echo $(acr-secret)) | docker login \
              $(acrRegistryServerFullName) \
              -u $(echo $(acr-login)) \
              --password-stdin
        displayName: 'docker login'
anand
  • 11,071
  • 28
  • 101
  • 159

1 Answers1

0

You could pass them as environment variables:

- bash: |
    echo $(echo $ACR_SECRET) | ...
  displayName: docker login
  env:
    ACR_SECRET: $(acr-secret)

But what is the purpose, as opposed to just echoing the password values as you said works in the other example? As long as the task is creating secure variables, they will be protected in logs. You'd need to do that anyway, since they would otherwise show up in diagnostic logs if someone enabled diagnostics, which anyone can do.

An example to do that:

- bash: |
    echo "##vso[task.setvariable variable=acr-login;issecret=true;]$ACR_SECRET"
  env:
    ACR_SECRET: $($(acr-secret)) # Should expand recursively

See Define variables : Set secret variables for more information and examples.

Heath
  • 2,986
  • 18
  • 21