Welcome to DevJev.nl: Your Guide to Azure, Cloud Security, and DevOps Mastery

With this post I want to share my approach to naming Azure DevOps variable groups. This post is the 3rd in the naming convention series .

The naming convention

In my experience there are a lot of different way’s Azure DevOps projects are organized. Also in contrary to the Azure resource naming variable groups are renamable and don’t possess an ability to hold additional metadata like tagging. This changes the approach to naming to focus much more on meaningful and descriptive naming within the context of the Azure DevOps project. Therefore a truly holistic naming of variable groups is challenging to achieve. But abiding the The 10 commandments for Azure naming conventions should still be feasible.

This post is the 2nd in the naming convention series . With this post I want to share my approach to naming Azure resources. Why a naming convention is important is already covered by my previous post . However I do believe that some background is required to understand this approach. So, lets dig in.

There are many Azure related naming conventions guides but this one is mine! For every 10 engineers and architects asked you will get 10 different replies on such a topic as naming conventions. With this blog post I would like to kick-off a small series of blog posts sharing my view points about Azure related naming conventions. In this post starting with why a proper naming convention is important and the 10 commandments I generally follow when working on a naming convention.

Back when all the Cloud and SaaS offerings where a brand new concept most IT administrators ended up choosing the domain name of a tenant. This choice would be then reflected in the SharePoint Online url and the only way to change it was to create brand new tenant. Either due to the somewhat poor choice from the IT administrators, due to mergers, rebranding or acquisitions some organization ended up with lets say less desirable domain name for their SharePoint URL.
Responding to clients with a “no it is not possible to change that” always bothered me back then. So when I learned that this option is now available (in preview) I immediately decided to try it. Via this post I want to share what I learned testing this option.

Like with the two previous posts Hacking Azure DevOps and I am in your pipeline reading all your secrets! I want to continue to raise awareness and understanding about pipeline security in Azure DevOps. In the previous post I have explained how secure / marked as secret variables are handled during pipeline runtime.
In this post I want to show how an Azure Resource Manager service connection configuration is handled during pipeline runtime. And which sensitive information is exposed through this service connection.
Like I mentioned in the previous posts, without proper security configuration for pipelines this information could be abused by attackers.

Introduction

With this blog post I want to raise awareness and understanding on how secure / marked as secret variables are handled during pipeline runtime in Azure DevOps and how these can be potentially exfiltrated. If proper security configuration is not in place this could potentially be abused by attackers.

Lets move ahead to create different types of variables and try to retrieve their values. By doing so at the end of this blog post it will be clear why it’s not very sensible to give all project team members full access to pipelines. And why in some cases it’s better to set-up private build agents.