stacyirish
Posts: 4
Joined: Tue Dec 06, 2022 10:36 pm

Do not show Azure Key Vault Secret in Jenkins build log

Hello.

After asking a previous question about how to digitally sign an Advanced Installer package in a Jenkins pipeline (script), I implemented the use of the command file from a script as shown:

Code:

AdvancedInstaller.com /execute <path_to_project_file> <command_file_path> [-nofail]

However, this outputs the secret text directly into the build log which does not keep the secret very secret at all. I've tried to use the environment variable option in the command file by creating a System level environment variable named "AzureKeyVaultSecret" and using it in the command file as such:

Code:

SetAzureKeyVaultSecret AzureKeyVaultSecret -secret_is_env_var_name

This does not seem to work, though, and results in the following log:

>AdvancedInstaller.com /execute TestProject.aip aicommandfile.txt
SetAzureKeyVaultSecret AzureKeyVaultSecret -secret_is_env_var_name
Save
Rebuild

Checking builds status
Build required.

[ DefaultBuild ]
Building package: [...]TestProject_Setup.exe
Prepare build
Detecting MSI incompatible resources
Preparing files
Unable to get Azure Sign token. AADSTS7000216: 'client_assertion', 'client_secret' or 'request' is required for the 'client_credentials' grant type.
Trace ID: 358c3bee-a3d7-417e-a578-6486db90c100
Correlation ID: 6d87449a-8c93-4ba0-8087-2b163ec1b750
Timestamp: 2023-09-13 23:17:54Z

Build finished because an error was encountered.

Is there any way to digitally sign an Advanced Installer package via a Jenkins pipeline script and keep the Azure Key Vault Secret a secret?

Any help is appreciated.
Catalin
Posts: 6608
Joined: Wed Jun 13, 2018 7:49 am

Re: Do not show Azure Key Vault Secret in Jenkins build log

Hello,

First of all, please accept my apologies for the delayed reply - some of our colleagues are on sick leave and this resulted in a delay in response time.

Regarding this, please have a look over the following article:

Configure a Digital Certificate in a Jenkins Build Step: Jenkins Credentials and Azure Key Vault

points 2.1 and 2.2, which I think are exactly what we are looking for here.

Hope this helps!

Best regards,
Catalin
Catalin Gheorghe - Advanced Installer Team
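An added example, not part of either post and not taken from the Advanced Installer documentation: a declarative Jenkinsfile that binds the secret to the AzureKeyVaultSecret environment variable for the build step only, so the command file line from the first post can read it by name and Jenkins masks the value in the console log. It assumes the Credentials Binding plugin, a "Secret text" credential with the hypothetical id 'azure-key-vault-secret', and a Windows agent (hypothetical label 'windows') with AdvancedInstaller.com on PATH.

```groovy
// Added example. Assumptions: Credentials Binding plugin installed, a "Secret text"
// credential with the hypothetical id 'azure-key-vault-secret', and a Windows agent
// (hypothetical label 'windows') that has AdvancedInstaller.com on PATH.
pipeline {
    agent { label 'windows' }
    stages {
        stage('Build and sign') {
            steps {
                // The variable exists only inside this block; Jenkins masks its value
                // wherever it would appear in the console log.
                withCredentials([string(credentialsId: 'azure-key-vault-secret',
                                        variable: 'AzureKeyVaultSecret')]) {
                    // Single-quoted Groovy string: the secret is never interpolated
                    // into the script text, only inherited through the environment.
                    bat '''
                        @echo off
                        rem Fail early, without printing the value, if the variable
                        rem is not visible to the build process.
                        if not defined AzureKeyVaultSecret (
                            echo AzureKeyVaultSecret is not set for this process
                            exit /b 1
                        )
                        rem aicommandfile.txt contains the line from the first post:
                        rem SetAzureKeyVaultSecret AzureKeyVaultSecret -secret_is_env_var_name
                        AdvancedInstaller.com /execute TestProject.aip aicommandfile.txt
                    '''
                }
            }
        }
    }
}
```

The `if not defined` check separates "the variable never reached the process" from a problem with the secret value itself, without writing the value to the log.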