Azure Devops YAML - AzureKeyVault task not accepting variable as keyvaultname

Question

What am I doing wrong with the AzureKeyVault task? Looking at the logs when the task runs, it seems to use the variable as a string rather than the value of the variable? And then the task seems to be doing nothing until it times out with connect ECONNREFUSED 127.0.0.1:443.

in task1 i'm setting this variable. i've created a task after this where I am able to write-host the variable value like so: "$($env:KVNAME)".

but then in my azurekeyvault task I use the variable as the KeyVaultName: like I have in task2, but am then running into this issue; the task is treating the variable as a string, which I know by the log created by the task: "key vault name: $($env:KVNAME)"

initially i thought the ##vso... variable setting wasn't working correctly, which is why I created task2 to make sure it was.

Here is my YAML:

jobs:
  - deployment: mydeployment
    displayName: "testingstuff"
    pool:
      vmImage: "windows-2022"
    workspace:
      clean: all
    environment: testing
    strategy:
      runOnce:
        deploy:
          steps:
            - task: AzurePowerShell@5
              displayName: "write global variable"
              enabled: true
              inputs:
                azureSubscription: "sm_Pay-As-You-Go"
                ScriptType: InlineScript
                Inline: |
                  $kv = "mykeyvaultname"
                  Write-Host "##vso[task.setvariable variable=KVNAME;]$kv"
                azurePowerShellVersion: LatestVersion

            - task: AzurePowerShell@5
              displayName: "print variable value"
              enabled: true
              inputs:
                azureSubscription: "sm_Pay-As-You-Go"
                ScriptType: InlineScript
                Inline: |
                  Write-Host "variable: $($env:KVNAME)" #this displays the variable value completely fine in the pipeline logs
                azurePowerShellVersion: LatestVersion

            - task: AzureKeyVault@2
              displayName: "Fetch keyvault secrets"
              enabled: true
              inputs:
                azureSubscription: "sm_Pay-As-You-Go"
                KeyVaultName: $($env:KVNAME) #pipeline logs suggest that the task is treating this variable like a string, logs: "key vault name: $($env:KVNAME)"
                SecretsFilter: SqlConnectionString, StorageConnectionString
                RunAsPreJob: false

Answer 1

This format you're trying to use:

KeyVaultName: $($env:KVNAME)

That's for accessing variables within a powershell script.

But in the parameter to the AzureKeyVault task, that's pipeline yaml and you need to follow the format for pipeline expressions:

KeyVaultName: $(KVNAME)

Note that this is the runtime syntax, which means it will not be evaluated until the task comes to be run; that means that the variable you set in the earlier task is available. There is also compile time syntax, which would be ${{ variables.KVNAME }} which would be evaluated when the pipeline is compiled; but that's no use to you here because the variable doesn't exist at that time.