Skip to content
Latchkey

Azure Pipelines "The secure file ... could not be downloaded"

The DownloadSecureFile task could not fetch a secure file from the Library. Either the secureFile name does not match a stored file, or the pipeline has not been authorized to use that secure file.

What this error means

A DownloadSecureFile step fails with ##[error]The secure file X could not be downloaded or a not authorized error referencing the secure file resource.

Azure DevOps
##[error]The secure file 'signing.p12' could not be downloaded, or you are not
authorized to use it in this pipeline.

Common causes

The pipeline is not authorized for the secure file

Secure files are protected resources; a pipeline must be granted access before it can download one, like service connections and variable groups.

Wrong secure file name

The secureFile input does not match the name stored in Pipelines, Library, Secure files.

How to fix it

Authorize and reference the secure file

In Library, Secure files, allow the pipeline to use the file, then reference it by its exact stored name.

azure-pipelines.yml
- task: DownloadSecureFile@1
  name: signingCert
  inputs:
    secureFile: 'signing.p12'

Use the downloaded path safely

Reference the task output path for the downloaded file rather than guessing a location.

azure-pipelines.yml
- script: echo "$(signingCert.secureFilePath)"

How to prevent it

  • Authorize each pipeline that needs a secure file in the Library.
  • Reference secure files by their exact stored name.
  • Use the task output path variable for the downloaded file.

Related guides

Tired of flaky CI? Latchkey auto-heals failed jobs and retries them for you. Start free →