Closed AArnott closed 4 years ago
Removing this actually broke feed auth, but we didn't detect it because this template doesn't require any authenticated feeds. We need to find a way to pass the token from the AzP task-level to the script, but without using the command-line parameter. Maybe set an env var? They get cleaned up after every task automatically, so that should be reasonably safe for a constrained bit of code.
This exposes part of the access token in logs when an error occurs in the script and powershell then prints part of the access token in the error message as part of the command line. Since it's a truncated token, AzP's secret-masking doesn't recognize and mask it.
Providing the access token shouldn't be necessary any more anyway because the Azure Artifacts cred provider plugin should take care of it.