How to expose secret variables in Azure DevOps

Variables are used to parametrise deployments in Azure DevOps pipelines. Occasionally, for troubleshooting purposes, we have to check whether the variables are correct. With plain text variables this is not a problem; with secret variables it is more complicated. In this post, we will run a pipeline with a PowerShell step to expose a secret variable.
Variable
First, we will create two variables as part of our release pipeline.
Variable name | Variable value |
---|---|
plain_text_variable | plaintextvariable |
secret_variable | secretvariable |
When we change a variable to a secret one, it becomes masked in the Azure DevOps portal. As a result, we no longer have access to the plain text version of it. A PowerShell script run in the pipeline can be used to expose the secret variable. Below is the pipeline to achieve it.

Pipeline
Now we create a single pipeline step with a PowerShell task to run the following inline script.
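```powershell
# 'secret' is the environment variable name under which the secret variable is mapped for this task
$secret = $env:secret
Write-Host "plain_text_variable: $($env:plain_text_variable)"
# The full value on a single line is masked in the log
Write-Host "secret_variable: $($secret)"
Write-Host "vertical secret_variable:"
# Emits each character on its own line
$secret.ToCharArray()
```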
The secret variable is masked in the log; however, we are able to manipulate the variable string within the PowerShell script and output it vertically, one character per line, so the log no longer contains the full value for the masking to match. To allow the script to refer to a secret variable, we have to map it in the “Environment Variables” section.
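
For reviewing pipeline logs after the fact, the vertical output described above can be detected by joining runs of single-character lines and comparing them with secret values the reviewer already holds. This is an added example, not part of the original post; the function name `Find-VerticalSecretLeak` is hypothetical, and the ISO-8601 timestamp prefix on each log line and the sample log are assumptions constructed for the demonstration.

```powershell
# Added example: detect a secret written one character per line in a pipeline log.
# Assumption: each raw log line may start with an ISO-8601 timestamp and a space.
function Find-VerticalSecretLeak {
    param(
        [string[]] $LogLines,
        [string[]] $KnownSecrets   # values the reviewer already holds, e.g. from the vault
    )
    $run = New-Object System.Text.StringBuilder
    $runStart = 0
    $findings = @()
    # A trailing sentinel line flushes a run that reaches the end of the log.
    $lines = @($LogLines) + 'END-OF-LOG'
    for ($i = 0; $i -lt $lines.Count; $i++) {
        $text = $lines[$i] -replace '^\d{4}-\d{2}-\d{2}T[\d:.]+Z ', ''
        if ($text.Length -eq 1) {
            if ($run.Length -eq 0) { $runStart = $i + 1 }
            [void] $run.Append($text)
            continue
        }
        # A run of single-character lines ended: compare the joined text with each secret.
        $joined = $run.ToString()
        foreach ($s in $KnownSecrets) {
            if ($s.Length -gt 0 -and $joined.Contains($s)) {
                # Report the location only, so the finding does not repeat the secret.
                $findings += [pscustomobject]@{ FirstLine = $runStart; RunLength = $joined.Length }
            }
        }
        [void] $run.Clear()
    }
    return $findings
}

# Constructed sample log using the post's example value 'secretvariable'.
$stamp = '2024-01-01T10:00:00.0000000Z'
$sample = @(
    "$stamp plain_text_variable: plaintextvariable",
    "$stamp secret_variable: ***",
    "$stamp vertical secret_variable:"
) + ('secretvariable'.ToCharArray() | ForEach-Object { "$stamp $_" })

Find-VerticalSecretLeak -LogLines $sample -KnownSecrets @('secretvariable')
```

A finding means the value has been written to the log in readable form, so the secret should be rotated and the log's retention and access reviewed.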

Congratulations!
After a successful run of the pipeline, we can see the secret variable displayed vertically in plain text.
