Home > Back-end >  Azure devops security info store
Azure devops security info store

Time:11-09

In below which one has better security for storing sensitve data like db passwords, connection strings.

  1. Create secure variables in Library under piplines section and access during pipeline execution. enter image description here
  2. store all senstive info in keyvault, login to keyvault and get senstive data during pipeline execution

I am using option 1.

If KeyVault approach is more secure than secure variable approach, I am thinking to migrate to KeyVault, otherwise continue to using as is.

I am currently

CodePudding user response:

As Anatoly Mironov suggested in the blog: Azure Key Vault vs. Pipeline Variables | CHUVASH.eu, using pipeline variables is more faster, easier to configure and secure across the pipeline as pipeline administrators of that project can alter the pipeline steps

The pros of using Azure Key Vault are:

  1. Secrets are managed centrally in the Azure
  2. It is easy to audit the Key Vault access
  3. The secrets can be re-used across the pipelines in the DevOps project

The cons of using Azure Key Vault are:

  1. Configuring Key Vault in Azure DevOps requires service principal with Key Vault access
  2. A new service connection needs to be created for each project in the Azure DevOps
  3. Multiple users who have Key Vault access can access your secrets in the Key Vault

Using Pipeline variables is more secure when compared to Azure Key Vault

Page link:https//www.codepudding.com/Backend/184282.html

Prev:Storing Configuration structs in an Interface{} and casting it back to original struct
Next:Your Realtime Database has insecure rules
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding