category	severity	online version
Microsoft Azure DevOps Distributed Task	Critical	https://github.com/cloudyspells/PSRule.Rules.AzureDevOps/blob/main/src/PSRule.Rules.AzureDevOps/en/Azure.DevOps.Tasks.VariableGroup.NoKeyVaultNoSecrets.md

Azure.DevOps.Tasks.VariableGroup.NoKeyVaultNoSecrets

SYNOPSIS

A variable group should not contain any secrets when it is not linked to a key vault.

DESCRIPTION

A variable group should not contain any secrets when it is not linked to a key vault. This is because the secrets will be stored in plain text in the variable group and can be viewed by anyone with access to the variable group.

Mininum TokenType: ReadOnly

RECOMMENDATION

Consider removing any secrets from the variable group or replacing them with variables that are linked to a key vault.

LINKS

Create a variable group with key vault

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Azure.DevOps.Tasks.VariableGroup.NoKeyVaultNoSecrets.md

Azure.DevOps.Tasks.VariableGroup.NoKeyVaultNoSecrets.md

Azure.DevOps.Tasks.VariableGroup.NoKeyVaultNoSecrets

SYNOPSIS

DESCRIPTION

RECOMMENDATION

LINKS

Files

Azure.DevOps.Tasks.VariableGroup.NoKeyVaultNoSecrets.md

Latest commit

History

Azure.DevOps.Tasks.VariableGroup.NoKeyVaultNoSecrets.md

File metadata and controls

Azure.DevOps.Tasks.VariableGroup.NoKeyVaultNoSecrets

SYNOPSIS

DESCRIPTION

RECOMMENDATION

LINKS