I am looking for a solution to run my Cypress end-to-end tests in the pipeline. The tests use credentials to log in. For security purposes I want to fetch the secret credentials from the Azure Key Vault. Fetching the secret works through the 'Azure key vault' task. But then there's the problem, when I want to use
- task: AzureKeyVault@2
  inputs:
    azureSubscription: 'mysubscription'
    KeyVaultName: 'mykeyvaultname'
    SecretsFilter: 'mysecret'
    RunAsPreJob: false
Then I can access the secret through $(mysecret) but the value is still kept secret in the pipeline.
npx cypress run #--ci-build-id $BUILD_BUILDNUMBER --record --parallel --env mypw=$(mysecret)
This shows an output when running the pipeline
Generating script.
Script contents:
npx cypress run #--ci-build-id $BUILD_BUILDNUMBER --record --parallel --env mypw=***
This makes the tests fail.
This instruction (bottom of page) by Microsoft suggests writing the password to a TXT file: https://learn.microsoft.com/en-us/azure/devops/pipelines/release/azure-key-vault?view=azure-devops&tabs=yaml This works, but then when I read from the txt file in the pipeline again, the value is once again encrypted to ***
Is there a way around this to use the Key Vault secret in my tests?
CodePudding user response:
For security reasons, Azure DevOps will redact the secret value as stars (*) in the log console UI; this is by-design behavior. But you should still be able to use the secret value with the syntax $(secretname).
To validate whether the failure is caused by the secret value, you can temporarily disable the AzureKeyVault@2 task, use the real value for the secret in the npx cypress run command, and check whether it works.
In addition, it appears there's an extra # in the npx cypress run command, which commented out the latter parameters; please remove the # as a check.
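
An added example, not part of the original question or answer: the same pipeline with the stray `#` gone and the secret passed to Cypress through the step's environment instead of the command line. It assumes the tests read the password with `Cypress.env('mypw')`; the `displayName` value is made up for illustration.

```yaml
steps:
- task: AzureKeyVault@2
  inputs:
    azureSubscription: 'mysubscription'
    KeyVaultName: 'mykeyvaultname'
    SecretsFilter: 'mysecret'
    RunAsPreJob: false

# As posted, everything after '#' is a shell comment, so --env never reached Cypress:
#   npx cypress run #--ci-build-id $BUILD_BUILDNUMBER --record --parallel --env mypw=$(mysecret)

- script: npx cypress run
  displayName: 'Run Cypress tests'   # assumed name
  env:
    # Secret variables are not exposed to scripts as environment variables
    # unless mapped explicitly. Cypress strips the CYPRESS_ prefix, so the
    # value is available in tests as Cypress.env('mypw').
    CYPRESS_mypw: $(mysecret)
```

The log still shows `***` wherever the value would be printed; the process itself receives the real secret, and it no longer appears in the command's argument list.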