Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Pipeline multiline does not substitute secret variables

Deleted user February 23, 2019

For the sake of cleanliness, I really don't want to run everything inside a shell script.

 

So I'm using multiline scripts as such:

 

```

- step:

  name: Do something multiline

  script:

    - |

      echo "My variable: $MY_SECRET_VAR"

      echo "Everything went fine!"

```

 

Output, as totally expected:

 

```
My variable: $MY_SECRET_VAR

Everything went fine!

```

This is fine for echo, but it also doesn't substitute it for fields where you don't echo... Which makes it well, useless.

 

This makes multiline with secrets totally impossible to use. I have a huge aws command which is either 400 characters long, or I do this multiline - I need to enter password fields through this

 

Fix this multiline, just run the substitution on it, it's proper YAML after all.

 

- Mathieu

Answer
Watch
Like Marty likes this
2170 views

2 answers

0 votes
Philip Hodder
Philip Hodder
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
March 5, 2019

Hi Mathieu,

Can you please provide an example of a script that isn't replacing the variable correctly?

Variable substitution in the script is not performed by the YAML parser. The script section simply defines Bash commands. So variable substitution will happen at runtime. You need to make sure that the AWS command is formatted to allow for environment variable string substitution. You can do this by running the checking the same command in a terminal or Docker container.

Thanks,

Phil

Reply
0 votes
Marty
Marty
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
February 24, 2019

Hi Mathieu,

I am no on the Bitbucket team, but I will try to help.

Have you defined the variables as per https://confluence.atlassian.com/bitbucket/variables-in-pipelines-794502608.html ?

I noticed that the page I linked contains this text

"Note:  Pipelines masks all occurrences of a secure variable's value in your log files, regardless of how that output was generated."

Is it possible that MY_SECRET_VAR is a secured variable and so pipelines is masking it from the logs?

I hope that helps!

Reply

Suggest an answer

Log in or Sign up to answer
Bitbucket
Bitbucket
TAGS
AUG Leaders

Atlassian Community Events

    See all events