🔥 3-day streak
Microsoft DevOps Engineer Expert127 / 138
Question 127 of 138

Your team stores database connection strings in Azure Key Vault and references them from an Azure Pipelines variable group linked to the vault. The security team requires that when a secret is rotated in Key Vault (for example, after a credential breach), running and future pipeline deployments must pick up the new value without any pipeline YAML edits, without republishing the variable group, and without storing the secret value anywhere in Azure DevOps. Which approach satisfies these requirements?

Reviewed for accuracy · Report an issueNext question