tag:help.appveyor.com,2012-11-13:/discussions/problems/24810-cant-set-secure-environment-variables-via-apiAppVeyor: Discussion 2024-03-07T18:59:52Ztag:help.appveyor.com,2012-11-13:Comment/475385052019-08-19T15:41:15Z2019-08-19T15:41:15ZCan't set secure environment variables via api<div><p>Hello, I'm trying to set a project's environment variables via API and I'm having some issues. I'm using this endpoint:</p>
<pre>
<code>PUT https://ci.appveyor.com/api/projects/{my-org}/{my-project-slug}/settings/environment-variables</code>
</pre>
<p>It <em>works</em> for vars that have <code>isEncrypted: false</code>, but when <code>isEncrypted: true</code>, the value is not set correctly or at all.</p>
<p>Here's a test case:<br>
- go into the AppVeyor UI and set a secure variable - use the API to GET that variable and confirm you can read its value - use the API to PUT the value back - try to GET it again and confirm that you only get <code>""</code> back</p></div>mharentag:help.appveyor.com,2012-11-13:Comment/475385052019-08-19T21:34:10Z2019-08-19T21:34:10ZCan't set secure environment variables via api<div><p>The api expects that, if you update a project with an encrypted variable, that you are sending the encrypted variable, not the unencrypted variable that is returned when querying for settings.</p>
<p>Go to the <strong>Encrypt YAML</strong> tab of your account and encrypt a test variable, then use that in whatever script you are using to call the api, then make a second call to retrieve settings, and you should see the enencrypted variable (with <code>isEncrypted</code> value set to true, in the return JSON.</p>
<p>You can also encrypt by sending it to <code>https://ci.appveyor.com/api/account/<your_account_name>/encrypt</code> with a POST body like <code>{ "plainValue": "value_to_encrypt" }</code></p></div>Owen McDonnelltag:help.appveyor.com,2012-11-13:Comment/475385052019-08-20T12:35:26Z2019-08-20T12:39:48ZCan't set secure environment variables via api<div><p>Thanks Owen! That all works for me as you described, thank you!</p>
<p>Some feedback for your team: this is somewhat inconvenient. What I'm trying to do is set a few common variables across many build configs. To do that is tough:</p>
<p>First get a list of all projects (easy), and then for each:<br>
1. Get their vars<br>
2. Merge my vars into the vars I got<br>
3. Call the <code>encrypt</code> endpoint for each var that is encrypted, including whatever vars I retrieved in step 2<br>
4. Post the vars back to you</p>
<p>If the vars endpoint accepted <code>plainValue</code> for encrypted vars, that'd help.</p>
<p>What I <em>really want</em> is a PATCH request (or something) so that I could include only the vars I'm adding/changing, and then the server would merge that into what might already be there. If you did both of these things then my process above would be a lot simpler, and probably safer since you'll do the tricky bits instead of me :).</p>
<p>Two other comments for your consideration:<br>
1. Now that I understand how it works, the REST API docs are obvious. But I think they could be improved with an explanation of how to send encrypted vars, like you provided me in this thread<br>
2. It would be cool if we could set account-wide vars that would get added to all builds</p></div>mharen