How to read Azure secret/protected variables in an effective way

Azure Library Variable

Azure typically offers two kinds of variables (plain and secret) that you can create in a library variable group. Versioning is not available for these variable groups: previous values are overwritten, and you can only view the current value. If a secret variable is shown masked with asterisks (*), neither developers nor administrators can read its value directly from the Azure Library group. Secret variables give Azure a quick and effective way to store sensitive data. They count as protected resources, and applications or pipelines running on Azure can access them. In this short, quick-read blog I'll go over how to read Azure secret variables successfully. Let's start now!

Problem statement - After a secret variable has been created in a library variable group, an administrator who wants to verify or read its value cannot do so. Azure also does not copy the secret values of variables when you clone a library variable group for a new environment. You therefore have to get in touch with whoever holds the correct values for those parameters, override them with new values (which makes it difficult to know the precise value), or extract the value from the particular variable group.

Solution that I find effective and that has always worked for me - read and extract Azure secret variables from a particular variable group.

Step 1 - Identify the secret variable that you want to extract from the variable group. In the example below there are two variables, apiKey and apiName. apiName is plain text that I can see, but apiKey is secret and I am unable to read its value, so I want to extract the value of apiKey.

How to create azure library variable group

Step 2 - Create a YAML file; a sample is below:

trigger:
- main
pool:
  vmImage: 'ubuntu-latest'
variables:
- group: AzureVariableGroup # define your variable group name here.
steps:
- task: Bash@3
  inputs:
    targetType: 'inline'
    script: |
      # `apiKey` is the secret variable in `AzureVariableGroup` that we would like to read.
      # secretsValue.txt is a file that will be generated in the workspace with the unmasked value of the `apiKey` secret variable. You can give this .txt file any name.
      echo "Secret values are here -> $(apiKey)" >> $PIPELINE_WORKSPACE/secretsValue.txt
- task: PublishPipelineArtifact@1
  inputs:
    targetPath: '$(Pipeline.Workspace)/secretsValue.txt'
    artifact: 'Secrets'
    publishLocation: 'pipeline'

Step 3 - Go to the Pipeline tab in your board and click on it.

Step 4 - Now select your pipeline. My pipeline here is named Blog.Aafridi; click on it.

Azure Pipelines

Step 5 - After that you will see Run Pipeline; click on it. It will open a popup window with pre-set values. You can change these based on your needs.

Pipeline Popup Window

Step 6 - Click on Run and wait for your pipeline to finish. Once it finishes, the file is published as an artifact, where you can see it and download it.

Azure Pipeline Ran

Step 7 - Click on published and you will see your file, with the secret variables' unmasked values inside.

Azure Artifacts

Step 8 - You can see the content in the downloaded file. Here is a snapshot of it; the secret value of apiKey was wekrjlwerlkew.

Result File
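
A review-side check for the pattern in Steps 2 to 8, as an added example that is not part of the original post: because the published artifact holds the secret in clear text, this Python code flags pipeline YAML lines that redirect a secret's $(name) macro into a file and reports whether a targetPath publishes a file of the same name. The function names and the sample pipeline are constructed for illustration; it assumes shell redirects with > or >> and matches published files by file name only.

```python
import re
import shlex

# Constructed sample: the relevant lines of the pipeline shown in this post.
SAMPLE_PIPELINE = """\
steps:
- task: Bash@3
  inputs:
    script: |
      echo "name is $(apiName)"
      echo "Secret values are here -> $(apiKey)" >> $PIPELINE_WORKSPACE/secretsValue.txt
- task: PublishPipelineArtifact@1
  inputs:
    targetPath: '$(Pipeline.Workspace)/secretsValue.txt'
"""

MACRO = re.compile(r"\$\(([A-Za-z_][\w.]*)\)")  # $(name) macro syntax
TARGET_PATH = re.compile(r"targetPath:\s*['\"]?([^'\"\s]+)")

def redirect_target(line):
    """Return the file a shell line redirects output to, or None."""
    try:
        tokens = shlex.split(line)  # respects quotes, so "->" inside a string is ignored
    except ValueError:              # unbalanced quotes: not a parsable shell line
        return None
    for i, tok in enumerate(tokens):
        if tok.startswith(">"):
            target = tok.lstrip(">") or (tokens[i + 1] if i + 1 < len(tokens) else "")
            if target and not target.startswith("&") and target != "/dev/null":
                return target
    return None

def find_secret_writes(pipeline_text, secret_names):
    """Return (line_no, secret, file_name, is_published) for each secret written to a file."""
    lines = pipeline_text.splitlines()
    published = {m.group(1).rsplit("/", 1)[-1]
                 for m in map(TARGET_PATH.search, lines) if m}
    findings = []
    for line_no, line in enumerate(lines, 1):
        secrets = [n for n in MACRO.findall(line) if n in secret_names]
        target = redirect_target(line) if secrets else None
        if target:
            file_name = target.rsplit("/", 1)[-1]
            findings += [(line_no, s, file_name, file_name in published) for s in secrets]
    return findings

if __name__ == "__main__":
    for finding in find_secret_writes(SAMPLE_PIPELINE, {"apiKey"}):
        print(finding)
```

The secret names passed in are the ones marked secret in the variable group; the YAML itself does not say which variables are secret.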

Conclusion - You can successfully read Azure secret variables while upholding security and compliance by following the YAML code above. Use Azure Key Vault's features and follow industry standards for storing sensitive data securely. To safeguard your application and uphold data integrity within the Azure ecosystem, it is crucial that you protect your secret variables.

Please share this blog with your friends and coworkers if you like it :) .