Azure DevOps Code
Azure DevOps is a collection of tools and services that help teams plan, collaborate, and deliver software more quickly. SailPoint Entro detects Secrets and NHIs exposed on Azure Devops (as shown below):

Step 1: Locate the Exposed Token with SailPoint Entro Platform

- Access your Azure DevOps instance using the link provided by SailPoint Entro to navigate directly to the location of the exposed token.
Step 2: Revoke Rotate and remove the Exposed Token
To remediate the issue, use the RIGOR workflow:
-
Redact Sensitive Information: Go to the affected pipeline or project settings in Azure DevOps and update them to replace references to the exposed token.
-
Inform the owner about the token exposure so that the practice is not repeated.
-
Generate a new token if necessary and ensure it is securely vaulted, avoiding exposure in scripts, pipeline configurations, or environment settings.
-
Organize and take notes throughout this process as they will be necessary for a future root cause analysis, response plans, etc...
-
Revoke any exposed tokens through the issuing service based on the token type provided by SailPoint Entro. Refer to Key Rotation Best Practices.
Step 3 (optional): Use Azure Key Vault for Sensitive Data
Set up Azure Key Vault to securely store sensitive information, such as tokens. Store the new token in Azure Key Vault and update your Azure App Configuration to access the token securely from the vault. Adjust the access policies in Azure Key Vault to allow only authorized applications and services to access the stored secrets.
Step 4: Audit Access
Review audit logs in Azure DevOps to ensure that no unauthorized access occurred while the token was exposed.
Step 5: Monitor
Set up monitoring and alerts within Azure DevOps or through external monitoring tools to notify you of any unusual activity related to the pipeline or access to sensitive data.