Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Environment variable name overrides script command.

Pavel
Pavel April 5, 2021

We have a strange bug. 

Pipeline step includes next command:

npm i --save-dev @angular/cli@latest 

 

And the list of repository variables includes the next variable name with value:

name: or_develop_AWS_BUCKET_NAME

value: secured

 

The pipeline log shows next:

image.png

 

Could you please explain why it happening?

Thank you.

Answer
Watch
Like Be the first to like this
347 views

2 answers

0 votes
Theodora Boudale
Theodora Boudale
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
April 7, 2021

Hi @Pavel,

I can see in the screenshot that the "test" part of the command gets replaced with the variable name, and I believe this is happening because the value of this variable is "test" and it is a secured variable.

From our documentation:

Pipelines masks all occurrences of a secure variable's value in your log files, regardless of how that output was generated.

If you have secure variable value set to a common word, that word will be replaced with the variable name anywhere it appears in the log file. Secured variables are designed to be used for unique authentication tokens and passwords and so are unlikely to be also used in clear text.

You can check our doc for reference:

Please feel free to let me know if you have any questions.

Kind regards,
Theodora

View More Comments
Pavel
Pavel April 7, 2021

Thank you for your reply.

I see what you talking about but i assume you confused a bit.

The only (at least should be) way to replace something in the pipeline (and to see it in log) i need to invoke the variable. For example the variable "test" has value "valueOfTestVar" and the script is: echo $test

In this case i will see the value of "test" variable like valueOfTestVar if this variable exists and has not secured value. If the value is secured i will see $test as the result.

But in my code i`m not invoking test variable and do not have any variable with the name test. And any variable in the script should not be searched by its Value and replaced by value Name.

Like
Theodora Boudale
Theodora Boudale
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
April 9, 2021

Hi @Pavel,

The value of any secured variable is masked in the Pipelines log, regardless of how it was generated.

In your example, if "test" is a secured variable, with the value "valueOfTestVar", then any occurrence of "valueOfTestVar" in the output of the Pipelines log will be replaced with $test, regardless of whether the value appears because you invoked $test or because it was generated in the output in a different way.

I can open a feature request to change this behavior, but at the moment the output in the Pipelines log file is searched for the value of any secured variable, and if any is found, then it is replaced with the variable name.

Please feel free to let me know if you'd like me to open the feature request for our development team to consider changing this.

Kind regards,
Theodora

Like
Reply
0 votes
Pavel
Pavel April 5, 2021

Changing variable to something else repeats an issue:

image.png

Reply

Suggest an answer

Log in or Sign up to answer
Bitbucket
Bitbucket
TAGS
AUG Leaders

Atlassian Community Events

    See all events