Azure DevOps 管道构建和发布日志如何锁定到特定组?
[英]How can Azure DevOps pipeline build and release logs be locked down to a specific group?
问题描述
Background:
背景:
Our team has removed sensitive information from code and configuration files, instead placing values in Azure KeyVault with Azure DevOps variables collections associated.我们的团队已从代码和配置文件中删除了敏感信息,而是将值放入 Azure KeyVault 中,并关联了 Azure DevOps 变量 collections。 This effectively prevents users from seeing variables in code, and values in the variables collection, but it does not limit values being written to build/release logs.这有效地防止用户看到代码中的变量和变量集合中的值,但它不限制写入构建/发布日志的值。
Question :问题:
What options are available for (1) excluding access to build/release logs and (2) restricting pipeline editing?哪些选项可用于 (1) 排除对构建/发布日志的访问和 (2) 限制管道编辑?
Correction: Values are written to the logs, but values coming from Key Vault are masked as *** values.更正:值已写入日志,但来自 Key Vault 的值被屏蔽为***值。 This resolves our problem, but the overarching question remains.这解决了我们的问题,但首要问题仍然存在。
1 个解决方案
解决方案1
1 2021-08-10 06:15:02
I am afraid that there is no such method could only exclude the access to build and release Logs.恐怕没有这样的方法只能排除build和release Logs的访问权限。
Based on your requirements, you could try to restrict the following permission.根据您的要求,您可以尝试限制以下权限。
For Build Pipeline, you could limit the View builds and Edit build pipeline .对于 Build Pipeline,您可以限制View builds和Edit build pipeline 。
Then the user will have no access to see the Builds and Edit the Pipeline.然后用户将无权查看构建和编辑管道。
For Release Pipeline, you could limit the View releases and Edit release pipeline .对于 Release Pipeline,您可以限制View releases和Edit release pipeline 。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.