Describe the bug
The default behavior of az keyvault secret set will return the secret value in plain text. It is dangerous. In our scenario, we have a script to generate secret then save into kv. We think the secret only exists in memroy and kv, but actually is printed and logged.
Related command
az keyvault secret set --subscription xxxx --vault-name xxx--name test-secret --value '123'
Errors
{
"attributes": {
"created": "2023-09-15T18:41:41+00:00",
"enabled": true,
"expires": null,
"notBefore": null,
"recoveryLevel": "Recoverable+Purgeable",
"updated": "2023-09-15T18:41:41+00:00"
},
"contentType": null,
"id": "xxxxx",
"kid": null,
"managed": null,
"name": "test-secret",
"tags": {
"file-encoding": "utf-8"
},
"value": "123"
}
Issue script & Debug output
No error in script/cmd
Expected behavior
can we make --output none as default
Environment Summary
azure-cli: 2.41.0
Additional context
No response
Describe the bug
The default behavior of
az keyvault secret setwill return the secret value in plain text. It is dangerous. In our scenario, we have a script to generate secret then save into kv. We think the secret only exists in memroy and kv, but actually is printed and logged.Related command
az keyvault secret set --subscription xxxx --vault-name xxx--name test-secret --value '123'
Errors
{
"attributes": {
"created": "2023-09-15T18:41:41+00:00",
"enabled": true,
"expires": null,
"notBefore": null,
"recoveryLevel": "Recoverable+Purgeable",
"updated": "2023-09-15T18:41:41+00:00"
},
"contentType": null,
"id": "xxxxx",
"kid": null,
"managed": null,
"name": "test-secret",
"tags": {
"file-encoding": "utf-8"
},
"value": "123"
}
Issue script & Debug output
No error in script/cmd
Expected behavior
can we make
--output noneas defaultEnvironment Summary
azure-cli: 2.41.0
Additional context
No response