Replace Tokens tasks doesn't support secret connection strings

[sussexrick]

It appears that replacing a connection string as one token with a secret variable doesn't work, because a connection string will contain ; and your code is splitting on that to separate the variables.

In your readme for Replace Tokens you say that the implementation of secret variables can be made a lot better once this issue is fixed. I'm not sure because it was closed due to inactivity but I think it might be fixed - it references this commit which appears to be updating the retrieval of secret variables. I'm not sure if this is exactly the scenario you need though.

Alternatively, an extra property on the task allowing the ability to specify a different separator would do the trick.

[colindembovsky]

Hi @sussexrick thanks for logging this. The referenced issue is not related to this problem.

I think the separator is a requirement for backward compatibility to older versions of Azure DevOps Server (circa 2015). Newer versions of Azure DevOps Server and Azure DevOps (online) don't use the separator for secrets. However, when I've had this issue, I've coached teams to use a single token (__conStr__) for the connection string. Then in the variables, you create a "munged" variable called conStr that has placeholders for values. Something like this:

Variable	Value
conStr	Data Source=$(DBServer),1433;Initial Catalog=$(DBName);User ID=$(DBUsername);Password=$(DBPassword);
DBServer	Name of database server
DBName	Name of database
DBUsername	Username to connect to database
DBPassword	Password for user

Of course the password should be marked as a secret or even retrieved from KeyVault using a variable group.

[sussexrick]

Thanks @colindembovsky, I'll give that a try. I had attempted something similar but obviously didn't quite get the syntax right.