0

I am trying to create a new Azure Key Vault secret using the Azure Cli v2.9.0 (we use this version in our pipelines and upgrading would be difficult at the moment.) via the command below,

$myValue = "abc^def" 
az keyvault secret set --vault-name $myKeyVaultName -n $mySecretName --value @myValue

The value for @myValue is actually passed in as a parameter to the script.

The command is accepted and a new secret is created but it drops the caret (^) from the string and results in a secret value of abcdef instead of the intended abc^def.

enter image description here

I previously raised the question here and Joy Wang correctly stated that forming a string literal as '"abc^def"' would allow the value to be added correctly via Powershell. As an extension to that question I would like to know how to pass the same value into the az keyvault secret set cmdlet from a variable.

Doing this as below still drops the caret (^)

$myValue = "abc^def" 
az keyvault secret set --vault-name $myKeyVaultName -n $mySecretName --value @myValue 


$myValue = "abc^def" 
az keyvault secret set --vault-name $myKeyVaultName -n $mySecretName --value $(@myValue)

Posting the script snippet for clarification

param (   
    [Parameter(Mandatory=$True)]
    [ValidateNotNullorEmpty()]
    [string]$KeyVaultResourceGroup, 
    [Parameter(Mandatory=$True)]
    [ValidateNotNullorEmpty()]
    [string]$KeyVaultInstanceName,
    [Parameter(Mandatory=$True)]
    [ValidateNotNullorEmpty()]
    [string]$CCnB_FileServer_Password_Value
)

#####################################
###########Initialsiing##############
#####################################
$ErrorActionPreference = "Stop"
$WarningPreference = 'SilentlyContinue'
Set-Location $PSScriptRoot
[Console]::ResetColor()

#############################################################
########### Create new Gasmap Key Vault secrets #############
#############################################################
#Create Secrets
if ($secrets.name -NotContains "CCnBFileServerPassword"){
    Write-Output "INFO: Creating CCnBFileServerPassword secret in key vault $KeyVaultInstanceName"  
    az keyvault secret set --vault-name $KeyVaultInstanceName -n "CCnBFileServerPassword" --value $CCnB_FileServer_Password_Value | Out-Null 
} else {
    Write-Output "INFO: CCnBFileServerPassword secret already exists in key vault $KeyVaultInstanceName"  
}

return 0

Any idea how I can pass this value correctly?

Phil Murray
  • 6,396
  • 9
  • 45
  • 95

2 Answers2

2

You can save the value like below using CLI:

enter image description here

It will be saved like you want:

enter image description here

Harshita Singh
  • 4,590
  • 1
  • 10
  • 13
1

Not sure what is the meaning of @ expression, in powershell, we always use $ to define a variable.

After doing some tests, you could use the CLI in PowerShell environment like below.

$myvalue = 'abc"^"def'
az keyvault secret set --vault-name joykeyvault -n testkey12 --value $myvalue

enter image description here

Joy Wang
  • 39,905
  • 3
  • 30
  • 54
  • Sorry, the @ was a type, should have been $. The value is sent into the script as a parameter so I can't manipulate as above. – Phil Murray Dec 10 '20 at 07:38
  • @PhilMurray If you pass the parameter with `abc"^"def`, will it work? – Joy Wang Dec 10 '20 at 07:46
  • I will try it but the value comes from a CSV file so I doubt it would work. – Phil Murray Dec 10 '20 at 08:01
  • @PhilMurray Ok, please let me know if there is any update, BTW, did you have a chance to test my solution in this post? https://stackoverflow.com/questions/65178711/authorising-azure-function-app-http-endpoint-from-data-factory – Joy Wang Dec 10 '20 at 08:04
  • 1
    That's on my to do list. Unfortunately it's getting longer. I will look as soon as I get the change. Thanks for your help Joy. – Phil Murray Dec 10 '20 at 08:16
  • Why do certain characters have to be surrounded by quotations? This is especially weird/unexpected in URLS where you may have to write `--value 'https://example.com/test?a=b"&"c=d'` which is very unintuitive. Where is this documented / why is this set up like this? – qJake Aug 18 '21 at 18:37