Forum Discussion

  • terruahmad 

    To mask the Azure App Insights connection string in Azure DevOps:

    Use Secret Variable: Add it as a secret variable in your pipeline settings (APP_INSIGHTS_CONN_STRING). It will be masked in logs.

    - script: |
        export APP_INSIGHTS_CONN_STRING=$(APP_INSIGHTS_CONN_STRING)
      displayName: "Setup App Insights Connection String"

     

    Use Azure Key Vault: Store it in Azure Key Vault, then retrieve it in your pipeline with the Azure Key Vault task. The secret will stay masked.
    - task: AzureKeyVault@1
      inputs:
        azureSubscription: '<Your Service Connection>'
        keyVaultName: '<Your Key Vault Name>'
        secretsFilter: 'APP_INSIGHTS_CONN_STRING'

     

    Both methods will securely mask the connection string in pipeline logs

  • Try below:

     

    • Use Secret Variables in Azure DevOps: Add the connection string as a secret variable in your pipeline settings. This will mask it in logs and keep it secure.
    • Store in Azure Key Vault: Store the connection string in Azure Key Vault and retrieve it in your application using the Azure Key Vault task. This ensures the connection string stays masked.

     

    • terruahmad's avatar
      terruahmad
      Icon for Microsoft rankMicrosoft

      Hello Kidd_Ip,

      Thanks for your response.   We proposed these 2 options to the customer.  However, the customer wants to mask the connection string under App Insight so only limited number of users who have access to Azure Portal and proper RBAC can view the string.

      Thanks.

       

  • Hello Balasubramanim,

    Thanks for your response.   We proposed these 2 options to the customer.  However, the customer wants to mask the connection string under App Insight so only limited number of users who have access to Azure Portal and proper RBAC can view the string.

    Thanks.

Resources