我在“az keyvault 秘密集”脚本中调用对象参数值,它工作正常,除非秘密值以特殊字符(例如 #)开头。
parameters:
- name: info
displayName: Information
type: object
default:
- subName: Sub1
kvs:
- kvName: kv1
secretName: test-secret
secretValue: #testvalue
- name: infoCategory
displayName: Select which category you wish to you
type: string
default: Schema
values:
- Cat1
steps:
- ${{ each sub in parameters.info }}:
- ${{ each keyvault in sub.kvs }}:
- task: AzureCLI@2
displayName: Updating ${{keyvault.secretName}} in ${{keyvault.kvName}}
inputs:
azureSubscription: ${{sub.subName}}
workingDirectory: $(OPT_DIR)
scriptType: 'bash'
scriptLocation: 'inlineScript'
serviceConnectionName: ${{sub.subName}}
inlineScript: |
# Case statements for schemas needed to be stored, encrypted or both
case ${{ parameters.spmWlpHashStore }} in
Cat1)
# Storing schema password
az keyvault secret set --name ${{keyvault.secretName}} --vault-name ${{keyvault.kvName}} --value ${{keyvault.secretValue}} --content-type 'content' --expires ${{parameters.expiryDate}}
echo "$expiryDate"
;;
当我的 ${{keyvault.secretValue}} 引用以特殊字符开头的值时,运行“az keyvault Secret Set”的行将给出一个错误,提示“--value 需要一个值”。但它适用于我尝试过的以数字或字母开头的所有其他密码。
我尝试将其放在双引号“${{keyvault.secretValue}}”中,单引号“${{keyvault.secretValue}}”中。我尝试创建一个变量并将值分配给该变量,然后在“az keyvault Secret Set”脚本中调用该变量,但没有任何效果
不要尝试直接在内联脚本中使用参数,而是尝试使用任务环境变量:
- task: AzureCLI@2
displayName: Updating ${{keyvault.secretName}} in ${{keyvault.kvName}}
inputs:
azureSubscription: ${{sub.subName}}
workingDirectory: $(OPT_DIR)
scriptType: 'bash'
scriptLocation: 'inlineScript'
serviceConnectionName: ${{sub.subName}}
inlineScript: |
# ... code ommited for brevity
az keyvault secret set --name ${secretName} --vault-name ${kvName} --value ${secretValue} --content-type 'content' --expires ${expiryDate}
env:
######################### Set task environment variables here
secretName: ${{ parameters.secretName }}
kvName: ${{ parameters.kvName }}
secretValue: ${{ parameters.secretValue }}
expiryDate: ${{ parameters.expiryDate }}
这样你就不必担心秘密值中的特殊字符。