βOne leaked secret can cost you millions. Are your Azure PowerShell scripts silently exposing them?β
When you use Azure PowerShell, you may see secrets like passwords, tokens, or keys in command outputs or logs.
These can show up by mistakeβespecially during automation in GitHub Actions or Azure DevOps.
This is risky. Exposed secrets can let attackers in. Itβs important to keep secrets safe.
Recent versions of Azure PowerShell (v12.0.0 and later) show you a warning if they spot a secret in output.
This helps you catch risks early. You can turn this warning off using:
Update-AzConfig -DisplaySecretsWarning $false
Or set an environment variable:
Set-Item -Path Env:\AZURE_CLIENTS_SHOW_SECRETS_WARNING -Value $false
Also, Azure has changed how it returns access tokens.
It now uses a SecureString instead of a plain String. This makes your tokens less likely to be exposed.
You can still convert a SecureString to plain text if you mustβbut that is not recommended.
How are you protecting secrets in your Azure PowerShell scripts? Do you rely on built-in warnings, SecureString, or integrate services like Azure Key Vault?
Top comments (0)