🔥 3-day streak
Microsoft DevOps Engineer Expert134 / 138
Question 134 of 138

Your team runs a set of Azure DevOps self-hosted agents on an Azure Virtual Machine Scale Set. Pipelines running on these agents must authenticate to Azure Key Vault and an Azure Storage account. Currently, a service principal's client secret is stored in a pipeline variable group and passed to the agents at runtime. Security has flagged that the secret is nearing expiry and requires manual rotation, and they want to eliminate stored credentials entirely for these Azure resource calls made directly from the agent VMs. What should you implement?

Reviewed for accuracy · Report an issueNext question