Use secure environment variable in through appSettings via Microsoft.Extensions.Configuration.Environment

Jeroen Heijmans's Avatar

Jeroen Heijmans

27 Mar, 2019 04:57 PM

I've used the encrypt YAML page in my account to create an encrypted set of environment variables. I'm trying to use those in my .NET Core class library that utilizes appSettings like this:

var configuration = new ConfigurationBuilder()
    .AddJsonFile("appsettings.json")
    .AddJsonFile("appsettings.dev.json", optional: true)
    .AddEnvironmentVariables()
    .Build();

The appsettings.dev.json file is in my .gitignore, which I use locally. The AddEnvironmentVariables() call should load the environment variables. But it does not seem to pick up the secured environment from the YAML file.

I've considered going a route like this:

before_test:
  - cmd: set MyVariable={{mySecureVariable}}

But (a) this feels like a clunky hack and (b) I'd be worried that I'd loose AppVeyor features that would prevent my variable value from showing up in the logs.

Is there a more appropriate way to do this in AppVeyor?

For reference:

  1. Support Staff 1 Posted by Ilya Finkelshte... on 27 Mar, 2019 07:24 PM

    Ilya Finkelshteyn's Avatar

    here is super simple test program, here is build configuration and here is the build.

    AppVeyor replace secure variables values with *****, but you can fork it, replace with values encrypted under your account and ensure it works as expected.

    I see 2 possible problems:

    • you encrypted variables being logged under different account.

    • something inside your code does not treat them right.

    I would recommend to do the following experiment:

    • add variables to AppVeyor UI, not YAML at Environment tab. They are being merged with YAML anyway. If it works, then problem is most probably with wrong encryption.

    • Change variables to something different for experiment, and print them to console from here. This will help you isolate the part of code with potential issues.

  2. 2 Posted by Jeroen Heijmans on 27 Mar, 2019 08:37 PM

    Jeroen Heijmans's Avatar

    Thank you for an amazingly clear answer! 👍

    I will analyze the differences, and am sure I will find the root cause. When I do, I will get back to you here, so (a) others can see the solution I needed (as they might), and (b) so we can close this support thread.

  3. 3 Posted by Jeroen Heijmans on 27 Mar, 2019 09:02 PM

    Jeroen Heijmans's Avatar

    Well, you were right, I was doing something wrong with the encryption and accounts. Thanks for the help on that!

    I can also confirm that the log shows masks over the actual values of secured variables, even if some custom part of my application (e.g. test output) would log those. What tripped me for a moment there is that when logged in I do see the variable values, but in incognito mode or a different browser I don't. To me that's not ideal, but workable.

    Edit: I opened a new thread for masking the secure variables also when logged in.

  4. Support Staff 4 Posted by Ilya Finkelshte... on 27 Mar, 2019 11:29 PM

    Ilya Finkelshteyn's Avatar

    Great, thanks for the update!

Reply to this discussion

Internal reply

Formatting help / Preview (switch to plain text) No formatting (switch to Markdown)

Attaching KB article:

»

Attached Files

You can attach files up to 10MB

If you don't have an account yet, we need to confirm you're human and not a machine trying to post spam.

Keyboard shortcuts

Generic

? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac