0

I have a Bitbucket pipeline to push a Docker image. I've defined the variable $DOCKERHUB_USERNAME=example.

In my build step I have the line:

VERSION=$(npm run version --workspace=@example/core-web --silent)

When this runs, though, it's replacing @example with @$DOCKERHUB_USERNAME:

VERSION=$(npm run version --workspace=@$DOCKERHUB_USERNAME/core-web --silent)

How can I escape that text so Bitbucket doesn't try to replace it with the variable that's set to the same text? It just coincidentally is the same name, but they are not related.

Joe Jankowiak

1 Answer

2

If an environment variable is marked as a secret variable, Bitbucket activates a security feature that masks any accidental print of its value in the logs, replacing it with its variable name.

See https://support.atlassian.com/bitbucket-cloud/docs/variables-and-secrets/#Secured-variable-masking

Note this has no effect on the actual instructions being run: the value is only masked in the pipeline logs that are shown to you.

You should avoid such weak secrets. Using dictionary words that can legitimately show up in the logs will cause this security feature to expose the value of your secret so that it could be inferred even if it was never deliberately printed.

If you do not want to set up a secure value because it is not truly a secure variable, simply configure the variable as a regular public variable.

N1ngu
  • Hi! Is it possible to disable this behaviour? Is there some way? – E.Cecchetti Sep 28 '22 at 09:11
  • I hope not: optional security is insecure. Why would you want a secret being accidentally printed and stored in clear logs? – N1ngu Sep 28 '22 at 13:05
  • Unfortunately, the only way I think is to unlock the variable, so make it not hidden. It's dangerous in prod, but for test envs it can be OK. I would suggest you make your secrets more difficult (special chars and difficult words) so they will never be found and replaced at all. It will also raise your security status. – E.Cecchetti Oct 05 '22 at 15:03
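
A local simulation of the log masking described in the answer above, added here as an example; it is not code from the post and not Bitbucket's implementation. It assumes masking is a literal substring replacement of the secured value by `$NAME`; `mask_log` and `collision_lines` are hypothetical helper names, and the log lines and the `1.4.2` tag are constructed.

```shell
#!/bin/sh
# Simulation only: models secured-variable masking as a literal substring
# replacement applied to log output. The commands themselves are never changed.

# mask_log NAME VALUE: copy stdin to stdout, replacing VALUE with "$NAME".
mask_log() {
  # An empty value can never be masked; pass the log through unchanged.
  [ -n "$2" ] || { cat; return; }
  # Values are passed through the environment so awk does not interpret
  # backslashes or regex metacharacters in them (index() is a literal search).
  MASK_NAME="$1" MASK_VALUE="$2" awk '
    { rest = $0; out = ""; v = ENVIRON["MASK_VALUE"]
      while ((i = index(rest, v)) > 0) {
        out = out substr(rest, 1, i - 1) "$" ENVIRON["MASK_NAME"]
        rest = substr(rest, i + length(v))
      }
      print out rest }'
}

# collision_lines VALUE FILE: print "lineno:text" for every line of FILE in
# which VALUE appears literally. Each hit is a place where the masked log
# would show the variable name next to known text, exposing the value.
collision_lines() {
  grep -nF -- "$1" "$2"
}

# Constructed log lines: what the step would print before masking.
demo() {
  printf '%s\n' \
    'VERSION=$(npm run version --workspace=@example/core-web --silent)' \
    'docker push example/core-web:1.4.2' |
    mask_log DOCKERHUB_USERNAME example
}

demo
```

Running `collision_lines` with the candidate value against `bitbucket-pipelines.yml` before marking a variable as secured shows whether ordinary text in the pipeline will be rewritten in the logs.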