API Tokens in Azure Release Pipelines

[kaspersoerensen]

Hello,
We are using Azure Release Pipelines to deploy a web-app with Wrangler2 to Cloudflare Workers.

Following the documentation I generated an API Token and created an environmental variable in the Release Pipeline.

This works fine - but only if the API Token is not "hidden". If I hide the API Token (which is the most secure, especially when using external developers), wrangler2 will return the following error:
In a non-interactive environment, it's necessary to set a CLOUDFLARE_API_TOKEN environment variable for wrangler to work. ...

So, my question is: Is there anyway to hide the API Token, in the variable list? Or is that simply not possible?

[Itamaram]

Ran into the same issue, worked around it by storing the api token in base64 as a secret in the pipeline variables, and then before invoking wrangler I decoded it and set the appropriate environment variable in the execution scope to the decoded value.

steps:
- powershell: |
   npm install wrangler -g --loglevel=error
   
   $env:CLOUDFLARE_API_TOKEN = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String("$env:CLOUDFLARE_API_TOKEN_BASE64"))
   
   wrangler pages deploy build --project-name $env:CloudflarePagesProjectName
  env:
    CLOUDFLARE_API_TOKEN_BASE64: $(CLOUDFLARE_API_TOKEN_BASE64)

[kaspersoerensen]

I updated the VM used in the pipeline. This seems to have solved the issue and the token can be hidden correctly.