Securing your secrets

While developing on your local machine, it is reasonably low risk to include your secret in plain text. However, if you wish to store the script in a shared environment or publish it to the Internet, it is best to obfuscate the secret. Once a script goes into production, regardless of whether it runs locally only or on a shared medium, the secret must be protected.

Most organisations will have a standard you must adhere to. Our recommendation is to use an Azure Key Vault and grant just enough access for the application to read the secret. We cannot use this in the workshop, as it requires an Azure subscription, which we did not create.

We will be using a PowerShell module called SecretStore. The activity will follow what is described in the blog post below and integrate it with our scripts.

SecretManagement and SecretStore are Generally Available
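
The pattern this activity works towards, shown as an added example that is not taken from the workshop scripts or the linked blog post. The vault name `WorkshopVault` and the secret name `WorkshopClientSecret` are assumptions chosen for illustration.

```powershell
# Added example: vault and secret names are hypothetical, not from the workshop.
$vaultName  = 'WorkshopVault'
$secretName = 'WorkshopClientSecret'

# One-time setup: install both modules for the current user only.
Install-Module -Name Microsoft.PowerShell.SecretManagement, Microsoft.PowerShell.SecretStore -Scope CurrentUser

# Register the local SecretStore extension vault if it is not registered yet.
if (-not (Get-SecretVault -Name $vaultName -ErrorAction SilentlyContinue)) {
    Register-SecretVault -Name $vaultName -ModuleName Microsoft.PowerShell.SecretStore -DefaultVault
}

# Store the secret once. Read-Host -AsSecureString keeps the value out of the
# script file and out of the console history. With the default configuration,
# the first access to the store prompts you to set a vault password.
if (-not (Get-SecretInfo -Name $secretName -Vault $vaultName)) {
    $value = Read-Host -Prompt 'Enter the application secret' -AsSecureString
    Set-Secret -Name $secretName -Vault $vaultName -Secret $value
}

# --- In the script itself ---

# Before: secret in plain text, readable by anyone who can read the file.
# $clientSecret = '<secret-in-plain-text>'

# After: the script only knows the secret's name. Get-Secret returns a
# SecureString for string secrets, so the value is not echoed by accident.
$clientSecret = Get-Secret -Name $secretName -Vault $vaultName

# Many APIs accept a PSCredential or SecureString directly. Convert to a plain
# string only at the point of use, and only if the API requires it.
$plain = [pscredential]::new('unused', $clientSecret).GetNetworkCredential().Password
try {
    # Use $plain here, for example as the client secret in a token request body.
    Write-Verbose "Secret '$secretName' loaded ($($plain.Length) characters)."
}
finally {
    # Drop the plain-text copy as soon as it is no longer needed.
    Remove-Variable -Name plain
}
```

The script file can now be shared or published without exposing the secret; each person who runs it stores their own value under the same name in their own local vault.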