What is the best way to secure secrets in a CI/CD pipeline?

• Use Azure Key Vault to store secrets, connection strings, and certificates.
• Configure managed identity for pipeline tasks.
• Avoid storing secrets in code or pipeline variables directly.

Example – Azure DevOps pipeline:

• task: AzureKeyVault@2

inputs:

azureSubscription: 'MyServiceConnection'

KeyVaultName: 'MyKeyVault'

SecretsFilter: '*'