0
votes

Looking for suggestions on a problem I'm facing in pipeline deployments for Azure Functions. I'm using the new Azure App Config service to pull app configuration variables to the pipeline.

These are then being used by an Azure App Service Deploy Task in the App settings section to populate the app configuration of an Azure Function. I'm in need of a way to hide the release logs for this from our developer group in the production stage of our deployment. Otherwise it will display the the app settings in the log file from the release. We still want devs to be able to see other stages of the release pipeline.

I believe I could write a powershell script to mark the variables as secrets, but that seems less manageable based on the number of release pipelines and variables that would need to be scripted. I would rather just be able to hide the logs from everyone besides a select group of users or turn them off for that release task in general by stage.

I'm also trying to avoid using Key-Vault for this scenario.

So long story short- Is there a way to turn off logs for a specific release task in AzDo? If possible by stage? Is there a way to hide logs by stage? Can that be done on a user level?

Suggestions are appreciated.

1
did you find a solution for this?MolteNolte

1 Answers

0
votes

No, this is not possible and leads to security by obscurity.

Just use keyvault or use a script to register the secret values. You don't have to hard-code them in a powershell step or anything, you can register secrets by parsing whatever settings file you have and calling:

 write-host "##vso[task.setvariable variable=$name;issecret=true]$valueToRegister"

See: