powershellazure-devops

Get Azure Devops Secret Variable as Plain Text using Powershell


is it possible to retrieve an AzDO Library server variable and output to plain text using a Powershell task? I know we can output the variable to a text file but my use case requires PS script but have found no way to achieve it.

I have seen this and this and, with some modifications, it is possible to retrieve passwords and Azure keyvault secrets as plain text, but it does not work with an AzDO secret.

I have mostly been trying with a variation of this but the new "non-secret" variable remains asterisked:

$SecurePassword = ConvertTo-SecureString $(testStringSecret) -AsPlainText -Force
$ssPtr = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($SecurePassword)
try {$secretValueText = [System.Runtime.InteropServices.Marshal]::PtrToStringBSTR($ssPtr)}
finally {[System.Runtime.InteropServices.Marshal]::ZeroFreeBSTR($ssPtr)}

Has anybody managed to it, and if so, are you able to provide details on what you did please?

Thanks in advance.


Solution

  • I attempted to improve the readability of @KUTlime's suggestion/hack by changing the output to horizontal. The variable '$secret' in my example should contain the secret retrieved from the keyVault.

    $secret = "fOoBaR"
    Remove-Variable joined -Force -Confirm:$false -ErrorAction SilentlyContinue
    for($i = 0; $i -lt $secret.Length; $i++){
        if ($joined) {$joined = $($joined+" "+$($secret[$i]))}
        else {$joined = $($secret[$i])}
    }
    Write-output "Secret: >$($joined)<"
    

    Outputs:

    Secret: >f O o B a R<
    

    The angle brackets are there to reveal potential space characters trailing the 'secret'.