Home > database >  Masking data inside the files in Azure repository
Masking data inside the files in Azure repository

Time:10-06

I have a need to mask the data, like in Azure Pipelines, but inside the Azure repository files. Is there a way of setting variables, stored apart from the script, as example in Azure pipelines:

variable = $(SecretOne)

This is just to avoid the data being stored inside the scripts, in case someone's cloning the project to their local PC.

CodePudding user response:

Each language runtime (node, dotnet, python etc) has its own way of accomplishing this usually through configuration file transformations, environment variables or an env file or the use of a Key Vault.

Azure Repo's doesn't have anything specific built in to substitute secrets or to prevent secrets from being committed into a repo.

You could setup a pipeline with the GitLeaks task to detect secrets in your repositories so you can take action, but when this happens, the secret is already committed to Azure Repos and you'll need to recycle what secret (password reset, revoke, deny-list).

  • Related