Azure.DevOps.Pipelines.Core.NoPlainTextSecrets

category: Microsoft Azure DevOps Pipelines severity: Critical online version: https://github.com/cloudyspells/PSRule.Rules.AzureDevOps/blob/main/src/PSRule.Rules.AzureDevOps/en/Azure.DevOps.Pipelines.Core.NoPlainTextSecrets.md

Azure.DevOps.Pipelines.Core.NoPlainTextSecrets

SYNOPSIS

Build pipeline variables should not contain secrets in plain text.

DESCRIPTION

Build pipeline variables should not contain secrets in plain text. Secrets should be stored in Azure Key Vault and referenced in the variable group. This will prevent the secret from being exposed in the build logs. If the secret is stored in plain text, it will be exposed in the build logs.

Mininum TokenType: ReadOnly

RECOMMENDATION

Consider storing secrets in Azure Key Vault and referencing them in the variable group.

LINKS

Azure DevOps Security best practices - Tasks

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Azure.DevOps.Pipelines.Core.NoPlainTextSecrets

category: Microsoft Azure DevOps Pipelines severity: Critical online version: https://github.com/cloudyspells/PSRule.Rules.AzureDevOps/blob/main/src/PSRule.Rules.AzureDevOps/en/Azure.DevOps.Pipelines.Core.NoPlainTextSecrets.md

Azure.DevOps.Pipelines.Core.NoPlainTextSecrets

SYNOPSIS

DESCRIPTION

RECOMMENDATION

LINKS

Clone this wiki locally