How to pass "my secrets" in the "Download Azure Pipelines Artifact and Run Script"-Artifact "Script Arguments"-Field?

[RicoSoe]

As a team we are not allowed to use our own artifact repository in our company, but we are allowed to use to use pipelines with the Download Azure Pipelines Artifact and Run Script.
Is it possible to directly pass and resolve my secrets variables (like their usage in the Artifactfile.json or the yaml), to the Script Arguments of the "Download Azure Pipelines Artifact and Run Script"-Artifact , so I can decode those in my Powershell-script to run?
If yes, is there an example how they must be notated, so the can be resolved?

[leovms]

@RicoSoe, apologies. It seems we never answered this question for you. I understand you may have already found a workaround for this issue, but I'll nevertheless go ahead and provide an answer for others who may fall upon this thread.

When you execute a deployment using Azure DevOps Pipelines, the identity used will not be you. Therefore, any secret references will not be correctly locatable and expanded, as you seek.

An alternative is to create a pipeline variable and mark it as a "secret". It will then be possible to pass it to the template, and consequently to your script, as a parameter value. Marking the variable as a "secret" will ensure that the value will not be leaked out in any pipeline logs.

DTL has a story in the backlog to implement lab level secrets, but I would not have an ETA for you for that.