
I’m calling an object parameter value in my az keyvault secret set script and it works fine except when a secret value starts with a special character like # for example.

parameters:
- name: info
  displayName: Information
  type: object
  default:
  - subName: Sub1
    kvs:
    - kvName: kv1
      secretName: test-secret
      secretValue: #testvalue
- name: infoCategory
  displayName: Select which category you wish to you
  type: string
  default: Schema
  values:
  - Cat1


steps:
- ${{ each sub in parameters.info }}:
  - ${{ each keyvault in sub.kvs }}:
    - task: AzureCLI@2
      displayName: Updating ${{keyvault.secretName}} in ${{keyvault.kvName}}
      inputs:
        azureSubscription: ${{sub.subName}}
        workingDirectory: $(OPT_DIR)
        scriptType: 'bash'
        scriptLocation: 'inlineScript'
        serviceConnectionName: ${{sub.subName}}
        inlineScript: |
          # Case statements for schemas needed to be stored, encrypted or both
          case ${{ parameters.spmWlpHashStore }} in
            
            Cat1)
            # Storing schema password
            az keyvault secret set --name ${{keyvault.secretName}} --vault-name ${{keyvault.kvName}} --value ${{keyvault.secretValue}} --content-type 'content' --expires ${{parameters.expiryDate}}
            echo "$expiryDate"
            ;;

The line where I run the az keyvault secret set will throw an error

--value requires a value

when my ${{keyvault.secretValue}} refers to a value that starts with a special character. But it works for every other password I tried that starts with a number or a letter.

I tried putting it in double quotes "${{keyvault.secretValue}}", single quotes '${{keyvault.secretValue}}'. I tried creating a variable and assigning the value to the variable and then calling that variable in the az keyvault secret set command, but nothing worked.

3 Answers


  1. Instead of:

    • Using parameters directly in the inline script

    Do:

    Example

      - task: AzureCLI@2
        displayName: Updating ${{keyvault.secretName}} in ${{keyvault.kvName}}
        inputs:
          azureSubscription: ${{sub.subName}}
          workingDirectory: $(OPT_DIR)
          scriptType: 'bash'
          scriptLocation: 'inlineScript'
          serviceConnectionName: ${{sub.subName}}
          inlineScript: |
            # ... code omitted for brevity
            az keyvault secret set --name "${secretName}" --vault-name "${kvName}" --value "${secretValue}" --content-type 'content' --expires "${expiryDate}"
        env:
          ######################### Set task environment variables here
          secretName: ${{ parameters.secretName }}
          kvName: ${{ parameters.kvName }}
          secretValue: ${{ parameters.secretValue }}
          expiryDate: ${{ parameters.expiryDate }}
    

    See also Cannot set ENV variable in azure pipeline with value from other step.

  2. The line where I run the "az keyvault secret set" will give me an error saying "--value requires a value"

    I can reproduce the same issue as yours when using the similar YAML sample.

    To solve this issue, you need to change the following two points.

    1. You need to add single quotes to the secretValue in the parameters. If the value contains # and has no single quotes, it will be commented out.

    For example:

    parameters:
    - name: info
      displayName: Information
      type: object
      default:
      - subName: Sub1
        kvs:
        - kvName: kv1
          secretName: test-secret
          secretValue: '#testvalue'
    

    2. You need to add single quotes to the ${{keyvault.secretValue}} in the Azure CLI task.

    For example:

    az keyvault secret set --name ${{keyvault.secretName}} --vault-name ${{keyvault.kvName}} --value '${{keyvault.secretValue}}' --content-type 'content' --expires ${{parameters.expiryDate}}
    

    Here is the YAML sample:

    parameters:
    - name: info
      displayName: Information
      type: object
      default:
      - subName: Sub1
        kvs:
        - kvName: kv1
          secretName: test-secret
          secretValue: '#testvalue'
    - name: infoCategory
      displayName: Select which category you wish to you
      type: string
      default: Schema
      values:
      - Cat1
    
    
    steps:
    - ${{ each sub in parameters.info }}:
      - ${{ each keyvault in sub.kvs }}:
        - task: AzureCLI@2
          displayName: Updating ${{keyvault.secretName}} in ${{keyvault.kvName}}
          inputs:
            azureSubscription: ${{sub.subName}}
            workingDirectory: $(OPT_DIR)
            scriptType: 'bash'
            scriptLocation: 'inlineScript'
            serviceConnectionName: ${{sub.subName}}
            inlineScript: |
              # Case statements for schemas needed to be stored, encrypted or both
              case ${{ parameters.spmWlpHashStore }} in
                
                Cat1)
                # Storing schema password
                az keyvault secret set --name ${{keyvault.secretName}} --vault-name ${{keyvault.kvName}} --value '${{keyvault.secretValue}}' --content-type 'content' --expires ${{parameters.expiryDate}}
                echo "$expiryDate"
                ;;
    

    Result:

  3. Try below: single quotes + double quotes

    parameters:
    - name: keyVaultName
      type: string
      default: 'testkv'
    
    - name: secretName
      type: string
      default: 'test-secret-name'
      
    - name: secretValue
      type: string
      default: '#test-secret-value'
        
    
    pool:
      vmImage: ubuntu-latest
    
    steps:
    - task: AzureCLI@2
      displayName: Updating ${{parameters.secretName}} in ${{ parameters.keyVaultName }}
      inputs:
        azureSubscription: 'connection-Test'
        scriptType: 'bash'
        scriptLocation: 'inlineScript'
        inlineScript: |
          az keyvault secret set --vault-name ${{ parameters.keyVaultName }} --name ${{ parameters.secretName }} --value "${{ parameters.secretValue }}"
    
    

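The quoting approaches from the three answers, compared side by side as an added example (not code from any of the posts). `show_value` is a hypothetical stub standing in for `az keyvault secret set`, `run_inlined` models `${{ }}` text substitution into the inline script, `run_env` models the `env:` mapping, and the sample values are constructed.

```shell
#!/usr/bin/env bash
# Added demo (constructed): show_value is a stub standing in for
# `az keyvault secret set`; it only reports what reaches --value.
show_value() {
  while [ $# -gt 0 ]; do
    if [ "$1" = "--value" ]; then
      # No following token, or the next token is another option: the
      # condition the question's "--value requires a value" error reports.
      if [ $# -lt 2 ] || [ "${2#--}" != "$2" ]; then
        echo "ERROR: --value requires a value"
      else
        echo "value=[$2]"
      fi
      return 0
    fi
    shift
  done
  echo "ERROR: --value not given"
}

# Models ${{ }} expansion: the value is pasted into the script TEXT before
# bash parses it. $1 = quoting in the script (none|single|double), $2 = value.
run_inlined() {
  case $1 in
    none)   script="show_value --name n --value $2 --content-type c" ;;
    single) script="show_value --name n --value '$2' --content-type c" ;;
    double) script="show_value --name n --value \"$2\" --content-type c" ;;
  esac
  # Subshell so a script that fails to parse cannot abort the caller.
  ( eval "$script" ) 2>/dev/null || echo "ERROR: script did not parse"
}

# Models the env: mapping: the value is data in a variable, never script text.
run_env() {
  secretValue=$1
  show_value --name n --value "$secretValue" --content-type c
}

# Constructed sample values.
run_inlined none   ''            # unquoted YAML '#...' is a comment -> empty value
run_inlined none   '#testvalue'  # bash treats the rest of the line as a comment
run_inlined single '#testvalue'  # survives
run_inlined single "it's#1"      # a quote inside the value breaks the script
run_inlined double 'p@ss$word'   # bash expands $word inside double quotes
run_env '#testvalue'; run_env "it's#1"; run_env 'p@ss$word'
```

Only the `run_env` form delivers all three sample values unchanged, because the value never becomes part of the script text.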