🤯
DevOps help for Azure Platform Engineers
  • Welcome!
  • Pages
    • About me
    • Need to know
      • SOW
      • Testing
        • End to end testing
          • Real-life example
        • Unit testing
          • Real-life example
      • Kubernetes
        • Kubernetes concepts
        • Kubernetes components
        • Questions You should have an answer for.
      • DevOps Lifecycle Management
      • The 12 Factor App
      • Zero Trust Model
        • Real life senarios
      • SIEM and SOAR
      • Cloud compliance
        • ISO/IEC 27001:2022
        • ISO 22301:2019
        • PCI DSS
        • CSA STAR
      • Public Cloud Security Frameworks
        • AWS SRA
        • MCRA
        • Google Cloud Architecture Framework: Security
      • Design for self healing
      • Guide to Blue-Green, Canary, and Rolling Deployments
    • Should Learn
      • Python
      • Terraform
        • Install
        • Terraform tools
          • TFLint
          • Terrascan
          • Chekov
          • Terraform-docs
        • Tips
          • Terraform For_each
          • Conditional Expressions
        • Testing
          • End-to-End (E2E) Testing
          • Terratest
          • Static Code testing
        • Functions
        • Modules
          • Create a Custom Terraform Module
        • Configuration
          • GCP
          • AWS
          • Azure
            • Authenticate Terraform to Azure
              • Specify service principal credentials in environment variables
              • Specify service principal credentials in a Terraform provider block
              • Service Principal for terraform
            • Store Terraform state in Azure Storage
            • Azurerm
            • AzAPI provider
            • Terraform with GitHub Actions
          • Kubernetes provider
          • Backend Best-Practise
      • Bicep
        • Template Spec for bicep
        • Integrate Bicep with Azure Pipelines
        • Bicep with GitHub Actions
        • Use inline scripts
        • Load script file
        • Kubernetes provider
        • Modules
          • Creating Azure Bicep modules 💪
      • Ansible
      • Puppet
      • AZ-CLI
        • Querying dictionary results
          • Advanced use of az-cli in bash
        • Available Azure CLI extensions
      • Azure PowerShell
        • Query output of Azure PowerShell
        • Format Azure PowerShell cmdlet output
        • Conversion to other data formats
        • AKS example
      • Linux
        • Commands
          • envsubst
          • SED
          • AWK
          • Ssh
            • How to Use SSH Config
            • Port Forwarding and Proxying Using OpenSSH
          • JQ
        • OS
          • Linux Tuning
          • Linux Permissions
          • How to avoid multiple sudo commands in one-liners
            • Bash Shortcuts Every Linux User Needs to Know
          • Linux File system hierarchy
        • Services
          • Tmux terminal
          • RDP
        • Configuration
          • Cloud-init
            • Cloud-init examples
      • Go-lang
      • Kubernetes
        • Tips
          • K8s Troubleshooting — Pod in Container Creating Status
          • Kubernetes: Resources for Pods and Containers
        • Tools
          • kubectl
          • kubectx | kubens
          • K8s — Kustomize
          • Helm
        • API
        • Service Mesh
          • Istio
          • Linkerd
        • Ingress controllers
          • Traefik
          • Nginx
          • Contour
          • Gloo Edge
          • Kong
        • Troubleshooting
          • Kubernetes Pod Troubleshooting Commands
      • YAML
        • yq
        • How to create Kubernetes YAML files
      • Java
      • Rust
    • DevOps
      • Tools to install
        • Visual Studio Code
        • PowerShell
          • Oh-my-Posh for PowerShell
          • Scoop for Windows
          • Chocolatey for Windows
        • .Net SDK
        • Azure-cli
        • Lunarvim
          • Lunarvim plugins
        • Winget for Windows
        • Nerd Fonts
        • Windows Terminal
        • Kubernetes
          • Linux
          • Windows
          • Minikube
            • Expose minikube to windows from wsl2
          • K8sgpt
          • Klone
        • WSL2
          • RHEL in WSL2
          • Fedora XX in WSL2
          • Logo-ls ( Icons in WSL terminal)
          • Azul Zulu Java
          • Make Your Terminal DevOps and Kubernetes Friendly
          • Bat a modern alternative to the cat
          • Homebrew
      • GitOps
        • Flux
          • Use GitOps with Flux, GitHub, and AKS to implement CI/CD
      • CI/CD Platforms
        • Azure DevOps
          • Pipelines
            • Create work item on failure
            • Stages
            • Extends
            • Jobs
            • Steps
          • Boards & Work Items
            • New work item
            • PR with work items
          • Azure DevOps: Managing Settings on a Per-Branch Basis
        • GitHub
          • GitHub Action
          • GitHub SecOps
        • GitHub Enterprise
        • Argo CD
          • ArgoCD reallife test
        • Tekton
          • Build and push an image with Tekton
        • Crossplane
          • Intro
          • Azure provider
          • AWS provider
          • GCP provider
        • Flagger
      • Agile Development
        • Team Agreements
          • Definition of Done
          • Definition of Ready
          • Team Manifesto
          • Sections of a Working Agreement
      • Testing
        • E2E Testing
          • E2E Testing Methods
        • Different Testing methods
        • Fault Injection Testing
        • Integration Testing
        • Performance Testing
          • Load Testing
            • Azure Load Testing
            • Apache JMeter
        • Smoke Testing
        • Templates
          • ~Customer Project~ Case Study
          • Insert Test Technique Name Here
      • Code Reviews
        • FAQ
      • Continuous Delivery
        • Secrets Management
        • Blue and Green Deployment in real-life
      • Continuous Integration
      • Documentation
        • Projects and Repositories
        • How to create a static website for your documentation based on mkdocs and mkdocs-material
        • Create Release Notes with pipeline
      • Observability
        • Dashboard
        • Logging
          • Collecting and visualizing Kubernetes events using Loki and Kubernetes Event Exporter for effective
          • Log Management and Distributed Tracing using Grafana Loki and Tempo
        • Metrics
          • Understanding SLI,SLO and SLA
        • Tracing
        • Observability as Code
        • Observability of CI/CD Pipelines
      • Reliability
      • Security
        • Rules of Engagement
        • Overview
        • Threat Modeling
        • Kubernetes
          • Build Phase
          • Deploy Phase
          • Runtime Phase
          • References
      • Source Control
        • Component Versioning
        • Merge strategies
        • Naming branches
        • Working with Secrets in Source Control
      • Engineering Fundamentals Checklist
      • Design
        • Non-Functional Requirements Capture
    • Dev SecOps
      • Real life examples
      • Dependency and Container Scanning
      • Penetration Testing
      • Credential Scanning
        • Running detect-secrets in Azure DevOps Pipelines
      • Secrets Rotation
        • Running detect-secrets in Azure DevOps Pipelines
        • Automate the rotation of a secret for resources that have two sets of authentication credentials
      • Static Code Analysis
        • SonarCloud Scans in AzDO
        • OWASP Zap Scan
        • Checkov
        • Mend ( WhiteSource )
        • Trivy
          • Trivy GitHub Actions
          • Azure DevOps Trivy sans
        • Terrascan
        • TFLint
        • TFSec
        • Configure the Microsoft Security DevOps Azure DevOps extension
        • ARM TTK
    • SRE
      • Toil
      • Simplicity
    • Public Clouds
      • Azure
        • Best Practise
          • Architecture Best Practises
          • Security Best Practise
          • Azure naming standards
          • Azure Tags
        • Azure landing zone
          • Terraform
          • Bicep
          • Landing Zone scenarios
            • AKS
            • OpenShift
            • AKS Cluster for Regulated Workloads
        • Services
          • Azure Databricks
            • Bicep
              • Workspace
            • Terraform
              • Manage Databricks workspaces
          • AKS
            • Terraform
            • Bicep
        • Monitoring
          • OpenTelemetry
            • .Net
      • Google Cloud
      • AWS
    • Private Cloud
    • Best Practises
      • Containers
        • Docker
          • Terraform
          • Bicep
          • Docker-compose
          • Dockerfile
        • Kubernetes
          • K8s tools
            • Kubens
            • Kubectx
            • Kubectl
            • Kustomize
            • K9s
            • Kubeval
            • Kubeaudit
            • Kubecfg
            • k8spacket
          • Kubernetes Best Practices
            • Resource limits
              • JVM memory limits
            • Network Policies
            • Pod security
          • Deployment
            • CI/CD for AKS apps with Azure Pipelines
            • CI/CD for AKS apps with GitHub Actions and GitFlow
          • Vcluster
        • OpenShift
Powered by GitBook
On this page
Edit on GitHub
  1. Pages
  2. DevOps
  3. Source Control

Working with Secrets in Source Control

PreviousNaming branchesNextEngineering Fundamentals Checklist

Last updated 1 year ago

The best way to avoid leaking secrets is to store them in local/private files and exclude these from git tracking with a file. E.g. the following pattern will exclude all files with the extension .private.config:

# remove private configuration
*.private.config

For more details on proper management of credentials and secrets in source control, and handling an accidental commit of secrets to source control.

As an extra security measure, apply credential scanning in your CI/CD pipeline.

.gitignore