Skip to content

Encrypt automation variables#

Security · Automation Service · Azure.Automation.EncryptVariables

Azure Automation variables should be encrypted.

Description#

Azure Automation allows configuration properties to be saved as variables. Variables are a key/ value pairs, which may contain sensitive information.

When variables are encrypted they can only be access from within the runbook context. Variables not encrypted are visible to anyone with read permissions.

Recommendation#

Consider encrypting all automation account variables.

Additionally consider, using Key Vault to store secrets. Key Vault improves security by tightly controlling access to secrets and improving management controls.


Last update: 2021-09-24