I want to add a feature to my repository on Azure so that any developer on the repository cannot commit any API key somewhere in the code. Currently, it doesn't matter if the API key is hidden or not, one can easily and openly commit the API key written in the code as a string. It's like a feature in GitHub which instantly warns you if you have committed an API key in the code.
Asked
Active
Viewed 201 times
1 Answers
0
How to configure my Azure Repository so that a user cannot commit any sensitive API key?
You could use the tool git-secrets, that can statically analyze your commits, via a pre-commit Git Hook to ensure you’re not trying to push any passwords or sensitive information into your Azure Repos repository.
Additionally, CredScan, a plugin to Azure Pipelines, can detect credentials that are being introduced into pull requests during the PR validation build process. Note, this tool is currently in preview.
You could check another thread and the blog for some more details.
Leo Liu
- 71,098
- 10
- 114
- 135