Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Correct way to use secret variable in PowerShell script

Tags:

What is the correct way to use a secret variable in a PowerShell script? It may be a pipeline variable, a variable group one, or a variable brought in from an Azure Key Vault task. I have seen in the documentation that it cannot be used in the same way as a normal (non-secret) variable. It says "Instead, we suggest that you map your secrets into environment variables." and "You need to explicitly map secret variables." I have used an environment variable and it works. Are there other ways to do it? This blog says you can use it directly in the script, which seems to contradict the MS document. This one passes the variable as an argument or parameter to the scripts. Does anyone know what is actually going on behind the scenes?

like image 847
AirAzure Avatar asked Feb 23 '20 21:02

AirAzure

1 Answers

have seen in the documentation that it cannot be used in the same way as a normal (non-secret) variable. It says "Instead, we suggest that you map your secrets into environment variables." and "You need to explicitly map secret variables."

The doc is misunderstood, it's not saying the secret variables cannot be used in the same way as a normal variable, instead, it says it's not suggested to pass secrets on the command line directly since some operating systems log command line arguments which could cause information leakage as mentioned, and it's suggested to map your secrets into environment variables.

This blog says you can use it directly in the script, which seems to contradict the MS document.

As mentioned above, the secrets can be used directly in the script although it's not suggested, so they are not contradictory.

You can also check the example in the MSDN doc:

steps:

- powershell: |
    # Using an input-macro:
    Write-Host "This works: $(mySecret)"

    # Using the env var directly:
    Write-Host "This does not work: $env:MYSECRET"

    # Using the mapped env var:
    Write-Host "This works: $env:MY_MAPPED_ENV_VAR"    # Recommended
  env:
    MY_MAPPED_ENV_VAR: $(mySecret)

and you will see in the first line of the powershell script, the secret variable is used directly in the command.

In conclusion, i suggest we should follow the MSDN doc, map your secrets into environment variables and then use them.

like image 74
Yang Shen - MSFT Avatar answered Oct 12 '22 23:10

Yang Shen - MSFT
Sign in to Comment

Related questions

Drawing a 3d box in a 3d scatterplot using plotly
rzc generate exited with code -2147450730
Cloudformation template completes deployment before UserData is finished
Why is the buffer size in inet_ntoa 18?
Error in committed chaincode invoke/query with hyperledger fabric 2.0
How do I delete the key by knowing its values in flutter?
MapStruct : How to convert String to byte[] using mapstruct
Floating action button not showing vector asset
Continue training style-gan 2 network after crash
proc sql join in SAS that is closest to a date
Doing prediction with RNN on Sequential data in keras
A clean API for making a function call threaded in python

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!