Azure DevOps Wiki
Azure DevOps is a collection of tools and services that help teams plan, collaborate, and deliver software more quickly. SailPoint Entro detects Secrets and NHIs exposed on Azure Devops (as shown below):

Step 1: Locate the Exposed Token with SailPoint Entro Platform

SailPoint Entro supplies the URL to navigate directly to the Azure DevOps Wiki page or section where the token was exposed.
Step 2: Revoke Rotate and Remove the Exposed Token
To remediate the issue, apply the RIGOR workflow:
-
Redact Sensitive Information: Edit the affected Wiki page or section to remove the exposed token. It is also important to delete the previous version(s) of the content from Azure Devops Wiki history. This way the compromised identity cannot be easily recovered by bad actors who are able to gain access to a wiki admin account.
-
Inform the wiki page owner about the token exposure so that the practice is not repeated.
-
Generate a new token if necessary and ensure it is securely vaulted, avoiding exposure in scripts, pipeline configurations, or environment settings.
-
Organize and take notes throughout this process as they will be necessary for a future root cause analysis, response plans, etc...
-
Revoke the exposed token using the token's issuing service, based on the token type provided by SailPoint Entro. Refer to Key Rotation Best Practices.
Step 3 (optional): Use Azure Key Vault for Sensitive Data
Set up Azure Key Vault to securely store sensitive information, such as tokens. Store the new token in Azure Key Vault and update your Azure App Configuration to access the token securely from the vault. Adjust the access policies in Azure Key Vault to allow only authorized applications and services to access the stored secrets.
Step 4: Audit and Review
Review Azure DevOps audit logs to check for any unauthorized access or actions involving the exposed token. Once risk of exposure has subsided, identify key stakeholders to inform and ultimately improve workflows, so the practice is not repeated.
Step 5: Monitor
Set up monitoring and alerts within Azure Devops Wiki or using external monitoring tools to trigger notifications for any unusual activities related to sensitive data access.