-
Notifications
You must be signed in to change notification settings - Fork 7
2: Keeping secrets secret
Kevin Chant edited this page Jun 9, 2022
·
1 revision
One thing that is important to realize when working with workflows is that you need to avoid putting sensitive information about Azure Synapse inside your workflows.
A good example of how somebody can accidentally expose sensitive information can be found in my post 'Keep your Azure Synapse secrets secret in GitHub'.
In reality, there are a various ways you can keep sensitive information secure when working with workflows within GitHub. Including the below methods:
- Adding encrypted secrets to your repository.
- Adding encrypted secrets at an organization level (depending on which GitHub product you are using)
- Using a GitHub Action called get-keyvault-secrets to get secrets from the Azure Key Vault service.
Due to more companies requesting the use of Azure Key Vault options 3 may be more appealing to you.