Protect secrets in Azure PowerShell
When you manage Azure resources with Azure PowerShell, the output of commands might expose sensitive information that you must protect. For example, Azure PowerShell could display passwords, tokens, or keys in the output when you create them. Some commands can also store the output in log files. This scenario is often the case when working with GitHub Actions or Azure DevOps.
Understand the risk
It's critical to protect secrets and sensitive information. When mishandled, they can become accessible to unauthorized users. User errors, such as improperly configured scripts or entering secrets in plain text as values for parameters, can expose sensitive details in logs, command history, or version control systems.
Warning message
Azure PowerShell can display a warning message, beginning with version 11.4.0, to help you protect sensitive information when it identifies a potential secret in the output of a command.
Enable the warning message
In the following example, the Update-AzConfig cmdlet is used to enable the warning message.
Update-AzConfig -DisplaySecretsWarning $true
You can also use the $Env:AZURE_CLIENTS_SHOW_SECRETS_WARNING environment variable to enable the
warning message.
Set-Item -Path Env:\AZURE_CLIENTS_SHOW_SECRETS_WARNING -Value $true
Azure PowerShell
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for