Expose Secret Variables in VSTS With This One Simple Trick
This post will, if for nothing else, encourage teams to seriously consider using KeyVault for storing secrets that you want to use in a build (this walkthrough is a good guide.) Despite the fact that despite that they are encrypted, it is possible to get the value of a secret variable with one simple trick. This means it is very important who has permissions to edit your pipelines.
So, how do we go about getting the value of a secret parameter? I have here a secret variable:
I have here, one line of PowerShell:
And finally, I have here the value of the secret variable printed out into the logs.
And for anyone else wondering, this trick also works in Bamboo. I don’t know if it works in other build/release tools, but yes it is in VSTS/Azure DevOps and it is in TFS/Azure DevOps Server as well.