AzureDevOpsDsc: Change PAT type to `PSCredential` - Githubissues

dsccommunity / AzureDevOpsDsc

This module contains DSC resources for deployment and configuration of initially Azure DevOps Services and later Azure DevOps Server.

MIT License

1 stars 5 forks source link

AzureDevOpsDsc: Change PAT type to `PSCredential` #16

Open SphenicPaul opened 3 years ago

SphenicPaul commented 3 years ago

Logging this issue off the back of the initial PR (#7) so it's logged and not missed...

Details of the scenario you tried and the problem that is occurring

String data type isn't a suitable/ideal type to hold/pass Personal Access Tokens.

Suggested solution to the issue

Update $Pat variables/parameters to use a PSCredential type, although unclear of most suitable option at present:

i) Have every Resource take a $Pat and $ApiUri parameter (where $Pat is updated to be a PSCredential type)
ii) Define a new Connection class which holds ApiUri and PAT information, and which is passed between functions
iii) Use the existing Connection class (as part of current, Azure DevOps, client libraries) ... less preferred perhaps as it couples this module with that?

johlju commented 3 years ago

If PAT is a key that should not be shared then it should be a PSCredential so it is encrypted in the compiled configuration. Otherwise it will be visible in the compiled configuration making it a security problem.