从 Azure Devops 获取所有秘密到 Node.JS 进程

Question

I'm trying to pass all secrets from Azure Devops pipeline to Node.js process. Right now, to do this, I need to pass secrets explicitly as parameters to Node.JS process:

Additionally, I know, that I can receive a list of all Azure variables from process.env inside Node.JS:

console.log(process.env);

Is there any way, to pass all secrets and it's values to Node.JS without explicitly pointing it's as parameters to Node.JS but listing it as process.env?

Answer 1

There is a way to pass the secrets to Node.JS without explicitly pointing to it as parameters.

As below it is described in the document Set secret variables .

Unlike a normal variable, they are not automatically decrypted into environment variables for scripts. You need to explicitly map secret variables.

Each task that needs to use the secret as an environment variable does remapping. If you want to use a secret variable called mySecret from a script, use the Environment section of the scripting task's input variables. Set the environment variable name to MYSECRET, and set the value to $(mySecret).

So you need to use the Environment Variables section to map the secrets in side the task. Check below screenshot.

After the secrets are mapped, you donot need to pass the secrets explicitly in the script like what you are currently doing. You can use process.env.API_KEY directly to get the secrets inside Node.JS.

Hope above helps!

Answer 2

I tried first az cli

az pipelines variable list --org "https://dev.azure.com/organization-name" --project "project-name" --pipeline-name "pipeline-name"

But I got:

az : This command group is in preview. It may be changed/removed in a future release.
At line:1 char:1
+ az pipelines variable list --org "https://dev.azure.com/organization-name...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (This command gr...future release.:String) [], RemoteException
    + FullyQualifiedErrorId : NativeCommandError

I am able to get variables using:

  - task: Bash@3
    inputs:
      targetType: 'inline'
      script: 'env | sort'

But you will get also bunch of prebuild variables.

My defined variables:

and here is the log output:

ImageVersion=20200330.1
INPUT_ARGUMENTS=
ISPROD=true
JAVA_HOME_11_X64=/usr/lib/jvm/zulu-11-azure-amd64
JAVA_HOME_12_X64=/usr/lib/jvm/zulu-12-azure-amd64

You can also try to call API . I haven't tried this aproach. But it should be doable.