When using Azure yaml pipeline to perform Terraform init task (which calls from a yaml template file), the Azure Service Connection secret is getting displayed as plain text in the pipeline job results.
The client_id is masked, but the client_secret is not
Here is an extract of the resulting job in the pipeline:
...
Your version of Terraform is out of date! The latest version
is 1.3.9. You can update by downloading from https://www.terraform.io/downloads.html
C:\Tools\terraform.exe init -backend-config=storage_account_name=<MY_STORAGE_ACCOUNT_NAME> -backend-config=container_name=<MY_BLOB_CONTAINER_NAME> -backend-config=key=<MY_STATE>.terraform.tfstate -backend-config=resource_group_name=<MY_RESOURCE_GROUP_NAME> -backend-config=subscription_id=<MY_SUBSCRIPTION_ID> -backend-config=tenant_id=<MY_TENANT_ID> -backend-config=client_id=*** -backend-config=client_secret=supersecretpassword
Initializing modules...
...
When using Azure yaml pipeline to perform Terraform init task (which calls from a yaml template file), the Azure Service Connection secret is getting displayed as plain text in the pipeline job results.
The
client_id
is masked, but theclient_secret
is notHere is an extract of the resulting job in the pipeline:
Hoping you can assist or advise. Thanks