Is there a way to have the main Azure pipeline YAML file of a project in the developer's repo, but also completely hide credentials and access tokens from the developers? I mean even the variable names, so they can't reveal them using a step like this:

```yaml
steps:
    - script: |
        echo SECRET_PASSWORD=$(SECRET_PASSWORD) > ~/secret_password.txt
      env:
        SECRET_PASSWORD: $(SECRET_PASSWORD)
```

And later read the contents of `~/secret_password.txt`.
As long as they know the variable names, they can uncover them in many ways.

How can I provide atomic actions (e.g. 'push-package-to-server', 'authenticate-to-server', 'update-database-entry', etc.) that use my secret credentials/access tokens but are also inaccessible for others to read and find out the logic? Allow them only to be included/templated and used as an atomic action with parameters/variables?

Davis8988
  • Consider using Azure Key Vault secrets. [Manage secrets in your server apps with Azure Key Vault](https://learn.microsoft.com/en-us/training/modules/manage-secrets-with-azure-key-vault/). – Minxin Yu - MSFT Nov 24 '22 at 07:18

0 Answers