Question posted in 
While performing an Azure DevOps release is it possible to populate an Azure DevOps library variable from a shell script?
My end goal is to use it in the "Replace tokens" task in the release pipeline as to put the secret in a yaml (much cleaner than what I currently have). Replace tokens only works with ADO library variables.
My current workaround is using sed to replace what the secret gives me and output that to another yaml which I use to deploy Kubernetes. Any alternatives to this would be great!
Here is what I have now –
# Lets get the DB and Redis PW from AWS Secrets - used so we only have to set or change the passwords in one place - AWS Secrets
# Note that the AWS_secret_arn is different between stage and release and the variable is set in the library AppConfigs_xxxxx
DB_PW=$(aws secretsmanager get-secret-value --secret-id $(AWS_secret_arn) | jq -r '.SecretString' | jq -r '.db_pw')
echo " *** The secret is - " $DB_PW
# We are replacing the db_password with the one we acquired from AWS secrets
sed "s/db_pw_placeholder/$DB_PW/g" service.yaml > service-final.yaml
echo "### kubectl apply now running the service manifest ###"
kubectl apply -f service-final.yaml
I would also like to use the same methodology to get other parameters over from AWS to populate the ADO variable library – like an RDS DB endpoint.
2
Answers
If you use this Replace token all what you actually need is AWS Secrets Manager Get Secret task. It maps secret from AWS Secret Manager into secret variable. And since Replace Token works with secrets, you should be fine.
I would like to share another method.
In addition to Azure DevOps library variable can be used to Replace Tokens task, pipeline variables defined in the build process can also be used.
You can make some modifications to your powershell code:
For example:
Then the variable $(test) could be directly used in Replace tokens taks(
#{test}#).This method uses the logging command to define variables in the pipeline