How to Steal Azure DevOps Secrets

Learn how to protect Azure DevOps secrets in this conference talk from NDC London 2023. Explore the vulnerabilities in CI/CD platforms, particularly in handling sensitive configuration data like service account credentials and database connection strings. Discover where secrets are stored, understand variable groups, and delve into access levels for variable groups and secure files. Examine resource authorization, methods to prevent pipeline modification, and the significance of build agent user permissions. Investigate job authorization scope settings, Azure KeyVault integration, and the use of repeat tasks. Finally, learn about environment resources and their role in simplifying on-premises deployment. Gain crucial insights into DevOps security to safeguard your application's sensitive information throughout the development and deployment process.

Intro
DevOps security settings
Where are the secrets? (1)
What are variable groups
Access levels explained (Variable groups and secure files)
Resource authorization
Preventing pipeline modification
Build agent user - The master ring
Job authorization scope settings
Azure KeyVault
Repeat task
Environment resources - simplify on-prem deployment