Home » Microsoft » AZ-400 v.2 » What should you do?
You use release pipelines in Azure Pipelines to deploy an app. Secrets required be the pipeline are stored as pipeline variables. Logging of commands is enabled for the Azure Pipelines agent.
You need to prevent the values of the secrets from being logged.
What should you do?
A. Store the secrets in the environment variables instead of the pipeline variables.
B. Pass the secrets on the command line instead of in the pipeline variables.
C. Apply a prefix of secret to the name of the variables.
D. Echo the values of the secrets to the command line.
Correct Answer: A
Explanation/Reference:
Don’t set secret variables in your YAML file. Operating systems often log commands for the processes that they run, and you wouldn’t want the log to include a secret that you passed in as an input. Use the script’s environment or map the variable within the variables block to pass secrets to your pipeline.
Incorrect Answers:
B: Never pass secrets on the command line.
C: Adding a prefix does not make the variable a secret. The issecret property makes it secret but does not prevent logging of the secret. D: Never echo secrets as output.
Reference:
https://docs.microsoft.com/en-us/azure/devops/pipelines/process/variables?view=azure-devops&tabs=yaml%2Cbatch
https://docs.microsoft.com/en-us/azure/devops/pipelines/scripts/loggingcommands?view=azure-devops&tabs=bash
