When you manage Azure resources with Azure PowerShell, the output of commands might expose sensitive
information that you must protect. For example, Azure PowerShell could display passwords, tokens, or
keys in the output when you create them. Some commands can also store the output in log files. This
scenario is often the case when working with GitHub Actions or Azure DevOps.
Understand the risk
It's critical to protect secrets and sensitive information. When mishandled, they can become
accessible to unauthorized users. User errors, such as improperly configured scripts or entering
secrets in plain text as values for parameters, can expose sensitive details in logs, command
history, or version control systems.
Warning message
Azure PowerShell displays a warning message by default beginning with version 12.0.0 to help you
protect sensitive information when it identifies a potential secret in the output of a command.
Disable the warning message
In the following example, the Update-AzConfig cmdlet is used to disable the warning message.
Azure PowerShell
Update-AzConfig -DisplaySecretsWarning$false
You can also use the $Env:AZURE_CLIENTS_SHOW_SECRETS_WARNING environment variable to disable the
warning message.
For security purposes, the default output type of the Get-AzAccessToken cmdlet is scheduled to
change from a plain text String to SecureString. To prepare for this update, use the
AsSecureString parameter before the breaking change occurs.
This change is designed to prevent the inadvertent exposure of sensitive tokens in plain text. To
ensure a smooth transition, update your scripts to use the AsSecureString parameter, as shown in
the following example:
Azure PowerShell
$token = Get-AzAccessToken -AsSecureString
Collaborate with us on GitHub
The source for this content can be found on GitHub, where you can also create and review issues and pull requests. For more information, see our contributor guide.
Azure PowerShell feedback
Azure PowerShell is an open source project. Select a link to provide feedback:
Secure software development means integrating security into each phase of your development lifecycle, from requirements analysis to maintenance. Microsoft provides many services that can help you develop more secure code and deploy a more secure application in the cloud. This learning path provides an overview of the services and offerings available to help you build secure software as part of a cybersecurity solution.The deadline for agencies to comply with NIST/CISA/OMB guidance on security measures for c
Demonstrate the skills needed to implement security controls, maintain an organization’s security posture, and identify and remediate security vulnerabilities.
