要从密钥库中提取机密并将其用作应用程序中的环境变量，请使用密钥库引用，如下所述： https://docs.microsoft.com/en-us/azure/app-service/app-service-key-vault-references

然后只需将引用添加到应用程序设置中。例如：

@Microsoft.KeyVault(SecretUri=https://myvault.vault.azure.net/secrets/mysecret/)

就这样。无需修改dotenv代码来执行任何特殊操作，因为应用程序设置已经被应用程序服务作为环境变量注入到应用程序中

不要忘记将您的应用程序服务实例（托管标识）添加到密钥库的访问策略中，否则这些都不起作用- https://docs.microsoft.com/en-us/azure/app-service/app-service-key-vault-references#granting-your-app-access-to-key-vault

关于向Dockerfile传递变量，请检查我的答案here

请在from之后添加参数

FROM alpine

ARG serverName
RUN echo $serverName

然后像这样运行它

- task: Docker@2
  inputs:
    containerRegistry: 'devopsmanual-acr'
    command: 'build'
    Dockerfile: 'stackoverflow/85-docker/DOCKERFILE'
    arguments: ' build-arg a_version=$(SERVER_NAME)'

在从KeyVault获取值方面，您可以使用Azure Key Vault task

# Azure Key Vault
# Download Azure Key Vault secrets
- task: AzureKeyVault@1
  inputs:
    azureSubscription: 
    keyVaultName: 
    secretsFilter: '*'
    runAsPreJob: false # Azure DevOps Services only

请注意，此任务创建的by deault变量被标记为机密，因此它们不会映射到环境变量

You can still try to use your approach but first you need to map it.

- powershell: |
    Write-Host "Using an input-macro works: $(mySecret)"
    Write-Host "Using the env var directly does not work: $env:MYSECRET"
    Write-Host "Using a global secret var mapped in the pipeline does not work either: $env:GLOBAL_MYSECRET"
    Write-Host "Using a global non-secret var mapped in the pipeline works: $env:GLOBAL_MY_MAPPED_ENV_VAR" 
    Write-Host "Using the mapped env var for this task works and is recommended: $env:MY_MAPPED_ENV_VAR"
  env:
    MY_MAPPED_ENV_VAR: $(mySecret) # the recommended way to map to an env variable