Use secure environment variable in through appSettings via Microsoft.Extensions.Configuration.Environment
I've used the encrypt YAML page in my account to create an encrypted set of environment variables. I'm trying to use those in my .NET Core class library that utilizes appSettings like this:
var configuration = new ConfigurationBuilder()
.AddJsonFile("appsettings.json")
.AddJsonFile("appsettings.dev.json", optional: true)
.AddEnvironmentVariables()
.Build();
The appsettings.dev.json file is in my .gitignore, which I use locally. The AddEnvironmentVariables() call should load the environment variables. But it does not seem to pick up the secured environment from the YAML file.
I've considered going a route like this:
before_test:
- cmd: set MyVariable={{mySecureVariable}}
But (a) this feels like a clunky hack and (b) I'd be worried that I'd loose AppVeyor features that would prevent my variable value from showing up in the logs.
Is there a more appropriate way to do this in AppVeyor?
For reference:
Comments are currently closed for this discussion. You can start a new one.
Keyboard shortcuts
Generic
| ? | Show this help |
|---|---|
| ESC | Blurs the current field |
Comment Form
| r | Focus the comment reply box |
|---|---|
| ^ + ↩ | Submit the comment |
You can use Command ⌘ instead of Control ^ on Mac
1 Posted by Ilya Finkelshte... on 27 Mar, 2019 07:24 PM
here is super simple test program, here is build configuration and here is the build.
AppVeyor replace secure variables values with
*****, but you can fork it, replace with values encrypted under your account and ensure it works as expected.I see 2 possible problems:
you encrypted variables being logged under different account.
something inside your code does not treat them right.
I would recommend to do the following experiment:
add variables to AppVeyor UI, not YAML at Environment tab. They are being merged with YAML anyway. If it works, then problem is most probably with wrong encryption.
Change variables to something different for experiment, and print them to console from here. This will help you isolate the part of code with potential issues.
2 Posted by Jeroen Heijmans on 27 Mar, 2019 08:37 PM
Thank you for an amazingly clear answer! 👍
I will analyze the differences, and am sure I will find the root cause. When I do, I will get back to you here, so (a) others can see the solution I needed (as they might), and (b) so we can close this support thread.
3 Posted by Jeroen Heijmans on 27 Mar, 2019 09:02 PM
Well, you were right, I was doing something wrong with the encryption and accounts. Thanks for the help on that!
I can also confirm that the log shows masks over the actual values of secured variables, even if some custom part of my application (e.g. test output) would log those. What tripped me for a moment there is that when logged in I do see the variable values, but in incognito mode or a different browser I don't. To me that's not ideal, but workable.
Edit: I opened a new thread for masking the secure variables also when logged in.
4 Posted by Ilya Finkelshte... on 27 Mar, 2019 11:29 PM
Great, thanks for the update!
Ilya Finkelshteyn closed this discussion on 28 May, 2019 09:01 PM.