For the sake of cleanliness, I really don't want to run everything inside a shell script.
So I'm using multiline scripts as such:
```
- step:
name: Do something multiline
script:
- |
echo "My variable: $MY_SECRET_VAR"
echo "Everything went fine!"
```
Output, as totally expected:
```
My variable: $MY_SECRET_VAR
Everything went fine!
```
This is fine for echo, but it also doesn't substitute it for fields where you don't echo... Which makes it well, useless.
This makes multiline with secrets totally impossible to use. I have a huge aws command which is either 400 characters long, or I do this multiline - I need to enter password fields through this
Fix this multiline, just run the substitution on it, it's proper YAML after all.
- Mathieu
Hi Mathieu,
Can you please provide an example of a script that isn't replacing the variable correctly?
Variable substitution in the script is not performed by the YAML parser. The script section simply defines Bash commands. So variable substitution will happen at runtime. You need to make sure that the AWS command is formatted to allow for environment variable string substitution. You can do this by running the checking the same command in a terminal or Docker container.
Thanks,
Phil
Hi Mathieu,
I am no on the Bitbucket team, but I will try to help.
Have you defined the variables as per https://confluence.atlassian.com/bitbucket/variables-in-pipelines-794502608.html ?
I noticed that the page I linked contains this text
"Note: Pipelines masks all occurrences of a secure variable's value in your log files, regardless of how that output was generated."
Is it possible that MY_SECRET_VAR is a secured variable and so pipelines is masking it from the logs?
I hope that helps!
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.