Verify that secrets pulled from AKV are not sent to GitHub logs #1507
Labels
enhancement
This issue or pull request will add new or improve existing functionality
infrastructure
Related to configuring infrastructure necessary for the project
Milestone
Comments
james-garriss
added
enhancement
|
Integrate into code security epic |
8 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
💡 Summary
This is related to: #1504 and #1505
Once we move all the required secrets to Azure Key Vault, we need to make sure that the secrets pulled from AKV are NOT accidentally displayed in GitHub logs when the workflows run.
Motivation and context
Revealing secrets is bad.
Implementation notes
There are potentially some technical solutions for avoiding the problem such as
::add-mask::orsetSecret().See documentation here:
https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/workflow-commands-for-github-actions#using-workflow-commands-to-access-toolkit-functions
Acceptance criteria
How do we know when this work is done?
The text was updated successfully, but these errors were encountered: