DEV Community

Supraja Tangella
Supraja Tangella

Posted on

๐—ฃ๐—ฟ๐—ผ๐˜๐—ฒ๐—ฐ๐˜ ๐—”๐˜‡๐˜‚๐—ฟ๐—ฒ ๐—ฆ๐—ฒ๐—ฐ๐—ฟ๐—ฒ๐˜๐˜€

โ€œOne leaked secret can cost you millions. Are your Azure PowerShell scripts silently exposing them?โ€

When you use Azure PowerShell, you may see secrets like passwords, tokens, or keys in command outputs or logs.

These can show up by mistakeโ€”especially during automation in GitHub Actions or Azure DevOps.

This is risky. Exposed secrets can let attackers in. Itโ€™s important to keep secrets safe.

Recent versions of Azure PowerShell (v12.0.0 and later) show you a warning if they spot a secret in output.

This helps you catch risks early. You can turn this warning off using:

Update-AzConfig -DisplaySecretsWarning $false

Or set an environment variable:

Set-Item -Path Env:\AZURE_CLIENTS_SHOW_SECRETS_WARNING -Value $false

Also, Azure has changed how it returns access tokens.

It now uses a SecureString instead of a plain String. This makes your tokens less likely to be exposed.

You can still convert a SecureString to plain text if you mustโ€”but that is not recommended.

How are you protecting secrets in your Azure PowerShell scripts? Do you rely on built-in warnings, SecureString, or integrate services like Azure Key Vault?

Top comments (0)