Use Environment Variables for Credentials

You can use credentials as environment variables in scripts to execute workflow steps. The credentials are previously set, then retrieved and executed in the context of a script.

To make the credentials available to reference as environment variables, you must first enable the required system properties. For more information about the required system properties, see the credentials listed below.

The following credentials are available to use as environment variables:

The following shows an example of a script that uses AWS cloud account credentials as environment variables in a workflow step.

powershell.exe &{Import-module AWSPowerShell;
$AccessKey = (Get-Item Env:AWS_ACCESS_KEY_ID).value;
$SecretKey = (Get-Item Env:AWS_SECRET_ACCESS_KEY).value;
Set-AWSCredentials -AccessKey $AccessKey -SecretKey $SecretKey -StoreAs vCommander;
Initialize-AWSDefaults -ProfileName vCommander -Region "us-east-1" ;
$status = (Get-EC2instance).Instances.InstanceID;
if($status){Write-host "Managed system connected with environment Variables"
Write-host "Instance List: $status"
}
}

The following shows an example of an embedded script that uses a named Commander credential and a selected credential as environment variables in a workflow step.

$Username = (Get-Item Env:COMMANDER_CREDENTIALS_USERNAME).value;
$Password= (Get-Item Env:COMMANDER_CREDENTIALS_PASSWORD).value;
Write-host "Username = $username"
Write-host "Password = $Password"

$Username = (Get-Item Env:SELECTED_CREDENTIALS_USERNAME).value;
$Password= (Get-Item Env:SELECTED_CREDENTIALS_PASSWORD).value;
Write-host "Selected Username = $username"
Write-host "Selected Password = $Password"

Write-host "Env"

Cloud account credentials

To target cloud accounts in workflow steps without creating additional credentials, do the following:

Cloud account credentials are only available for AWS, Azure, SCVMM, and VMware cloud accounts. Credentials for GCP and K8s are currently unsupported.

  1. Enable the embotics.workflow.script.credentials system property. For more information, see Set system properties in Commander.
  2. In the Execute Script and Execute Embedded Script steps, enter any of the following variables into the Script Contents:
    • For AWS cloud accounts:
      • $AccessKey = (Get-Item Env:AWS_ACCESS_KEY_ID).value;
      • $SecretKey = (Get-Item Env:AWS_SECRET_ACCESS_KEY).value;
    • For Azure cloud accounts:
      • $SubscriptionId = (Get-Item Env:AZURE_SUBSCRIPTION_ID).value;
      • $ApiKey = (Get-Item Env:AZURE_API_KEY).value;
      • $TennantId = (Get-Item Env:AZURE_TENANT_ID).value;
      • $ApplicationId = (Get-Item Env:AZURE_APPLICATION_ID).value;
    • For SCVMM cloud accounts:
      • $Username = (Get-Item Env:SCVMM_USERNAME).value;
      • $Password = (Get-Item Env:SCVMM_PASSWORD).value;
    • For VMware cloud accounts:
      • $Username = (Get-Item Env:VMWARE_USERNAME).value;
      • $Password = (Get-Item Env:VMWARE_PASSWORD).value;

    For more information, see Execute Scripts Through Workflow Steps.

Named Commander credential

To make a named credential available to workflow steps for connections back to Commander, do the following:

  1. Add the required named credential. For more information, see Manage Credentials.
  2. Set the value of the embotics.workflow.credentials.commander system property to the name of the credential you want to use. For more information, see Set system properties in Commander.
  3. In the Execute Embedded Script steps, enter the following variables into the Script Contents:
    • $Username = (Get-Item Env:COMMANDER_CREDENTIALS_USERNAME).value;
    • $Password= (Get-Item Env:COMMANDER_CREDENTIALS_PASSWORD).value;

    For more information, see Execute Scripts Through Workflow Steps.

Selected credential

To use the credential that you selected in the Credentials field for the workflow step, do the following:

  1. Enable the embotics.workflow.script.credentials system property. For more information, see Set system properties in Commander.
  2. In the Execute Embedded Script steps, do the following:
    1. From the Credentials field, select the required credential.
    2. In the Script Contents, enter the following variables:
      • $Username = (Get-Item Env:SELECTED_CREDENTIALS_USERNAME).value;
      • $Password = (Get-Item Env:SELECTED_CREDENTIALS_PASSWORD).value;

    For more information, see Execute Scripts Through Workflow Steps.