TFS Build Definition Secret Variables

2019-09-16 01:09发布

站内问答 / 移动开发
1101 1 4

I have several secret variables in my build definition that I'm passing to a powershell function in the argument property for the build step however they are getting sent in as ******** instead of being decrypted.

The parameters that I'm passing into the call of the powershell script are the following with $(accesskey) and $(secretkey) set as secret in the build definition:

-source "$(CodeDeploySource)" -destination "$(CodeDeployDestination)" -Description "$(Description)" -Location "$(Location)" -ApplicationName "$(ApplicationName)" -DeploymentGroup "$(DeploymentGroup)" -DeploymentConfig "$(DeploymentConfig)" -ak "$(accesskey)" -sk "$(secretkey)" -region "$(region)"

The parameter section of my powershell script is:

param(
[string]$source,
[string]$destination,
[string]$Description,
[string]$Location,
[string]$ApplicationName,
[string]$DeploymentGroup,
[string]$DeploymentConfig,
[string]$ak,
[string]$sk,
[string]$region
)

Is there a configuration that has to be enabled in TFS in order for it to decrypt the secret variable during the build process?

1条回答
闹够了就滚
2楼-- · 2019-09-16 02:02

You don't need to do any configuration to decrypt the secret variables. I have reproduced your issue and found in the build log, it shows like *****. Actually, in the Official document it has mentioned that:

Not returned back to the client. They are automatically masked out of any log output from the build or release.

Not decrypted into environment variables. So scripts and programs run by your build steps are not given access by default.

So it can't be seen from the build log. But it won't have effect for your build. The value could be get in the PowerShell script and could be used successfully. It just can't be output because it's a secret variable.

查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(4)