AArnott / Library.Template

A template for a NuGet package with tests, stylecop, fxcop, versioning, and Azure Pipelines build ready to go.
MIT License
131 stars 26 forks source link

Stop passing $(System.AccessToken) in as an argument #49

Closed AArnott closed 4 years ago

AArnott commented 4 years ago

This exposes part of the access token in logs when an error occurs in the script and powershell then prints part of the access token in the error message as part of the command line. Since it's a truncated token, AzP's secret-masking doesn't recognize and mask it.

Providing the access token shouldn't be necessary any more anyway because the Azure Artifacts cred provider plugin should take care of it.

AArnott commented 4 years ago

Removing this actually broke feed auth, but we didn't detect it because this template doesn't require any authenticated feeds. We need to find a way to pass the token from the AzP task-level to the script, but without using the command-line parameter. Maybe set an env var? They get cleaned up after every task automatically, so that should be reasonably safe for a constrained bit of code.