We've noticed the build logging and profiling tools that we use with our C# builds in Azure Pipelines tend to cache environment variables quite a bit and it's come up in threat reviews that we really should never be putting tokens in environment variables because of how often & easily they tend to be logged or persisted in build artifacts. Is there a way to use this and the NuGet Authentication task without the VSS_NUGET_EXTERNAL_FEED_ENDPOINTS environment variable? A file in the Agent.TempDirectory would seem to be better, preferably even encrypted until the tool is actually called in a similar vain to how the Azure Pipelines agent stores secret variables during runtime.
We've noticed the build logging and profiling tools that we use with our C# builds in Azure Pipelines tend to cache environment variables quite a bit and it's come up in threat reviews that we really should never be putting tokens in environment variables because of how often & easily they tend to be logged or persisted in build artifacts. Is there a way to use this and the NuGet Authentication task without the VSS_NUGET_EXTERNAL_FEED_ENDPOINTS environment variable? A file in the Agent.TempDirectory would seem to be better, preferably even encrypted until the tool is actually called in a similar vain to how the Azure Pipelines agent stores secret variables during runtime.