azure-devops-cli-extension icon indicating copy to clipboard operation
azure-devops-cli-extension copied to clipboard

Published 20 hours ago verified publisher icon Azure

build library secure files

Open saccy opened this issue 5 years ago • 12 comments

Are there any plans to add 'build > library > secure files' components to the VSTS cli that would enable uploading secrets?

Document Details

Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.

saccy avatar Sep 04 '18 22:09 saccy

We definitely need this Since I've started working only with YAML builds, asking people to drop out to the UI just to set a storage key or other secret value feels really clumsy

benc-uk avatar Mar 03 '19 09:03 benc-uk

We have included variable groups and variables for YAML pipelines with version 12. Wouldn't this work for your use case?

geverghe avatar Aug 28 '19 07:08 geverghe

@benc-uk - did you have a chance to look at v12 of the azure devops extension which supports variables and variables groups (including secret types)? Would this suffice?

geverghe avatar Sep 30 '19 10:09 geverghe

+1 for this feature. Uploading a secret file

Simple variables for secrets are...less than usable - somehow they do not show up in the GUI when created. Variable groups are better, but you are forced to create a non-secret variable just to be able to create the group. Also, things like certificates for signing mobile apps are much easier to manage as secret files than env variables.

damphyr avatar Oct 29 '19 10:10 damphyr

We would like to be able to upload secure files via the Azure CLI DevOps extension as well. With our Apple certificates expiring annually, it becomes quite the pain to update the code signing files (keystore & p12).

I decided to write a script that automates the updating of these files in DevOps > Pipelines > Library > Secure Files so that I don't have to research the locations of these files every year. Come to find out- this doesn't appear to be possible with the Azure CLI DevOps extension.

Note: I have no experience with the CLI tools, so please don't think me stupid. I'm just new! 😁

I was hoping for a command like:

az pipelines secure-file publish --organization MyOrganization --project MyProject --path "C:\Users\Me\AppData\Local\Xamarin\Mono for Android\Keystore\MyKeysore\MyKeysore.keystore"

This would REALLY help us out with setting up Pipelines for our Xamarin.Forms projects. Thanks.

dfoulk avatar Mar 19 '20 22:03 dfoulk

+1 for this feature. Uploading a secret file.

gaochundong avatar Jul 20 '20 09:07 gaochundong

+1 for this. This would be really useful to be able to update secrets efficiently for terraform based pipelines.

jrydow avatar Oct 09 '20 11:10 jrydow

+1 so badly need this command as we destroy and recreate AKS clusters quite often and evertime we have to manually come and update the cluster certs in secure files

jibinbabu avatar Feb 18 '21 20:02 jibinbabu

Any news on this? Variable and variable groups does not quite cut it. This would be so useful when passing stuff to terraform as files in order to define the stuff in the file once and in one place.

jrydow avatar Jun 10 '21 11:06 jrydow

Hoping to see this come along.... really want to manage secure files via CLI.

ben-p-commits avatar Aug 23 '21 21:08 ben-p-commits

It is possible if you can do a bit of Powershell/Python/Javascript to interact with the REST API directly.

https://github.com/microsoft/azure-pipelines-tasks/issues/9172

Specifically https://github.com/microsoft/azure-pipelines-tasks/issues/9172#issuecomment-626474029

and https://github.com/microsoft/azure-pipelines-tasks/issues/9172#issuecomment-655569961

https://github.com/microsoft/azure-pipelines-tasks/issues/9172#issuecomment-853098180

spoelstraethan avatar Oct 05 '21 19:10 spoelstraethan

What is the scope of this API ? I am trying to authenticate via az rest so AD instead of PAT but it wants me to provide a scope. I cannot find out what is is.

nbraun-wolf avatar Mar 27 '22 09:03 nbraun-wolf