-
-
Notifications
You must be signed in to change notification settings - Fork 3
Azure.DevOps.Tasks.VariableGroup.NoKeyVaultNoSecrets
github-actions edited this page Dec 17, 2023
·
5 revisions
category: Microsoft Azure DevOps Distributed Task severity: Critical online version: https://github.com/cloudyspells/PSRule.Rules.AzureDevOps/blob/main/src/PSRule.Rules.AzureDevOps/en/Azure.DevOps.Tasks.VariableGroup.NoKeyVaultNoSecrets.md
A variable group should not contain any secrets when it is not linked to a key vault.
A variable group should not contain any secrets when it is not linked to a key vault. This is because the secrets will be stored in plain text in the variable group and can be viewed by anyone with access to the variable group.
Mininum TokenType: ReadOnly
Consider removing any secrets from the variable group or replacing them with variables that are linked to a key vault.