Skip to main content

Making Security a Part of Your Azure CI/CD Pipelines and Templates

by Jeff Christman
SSCP, Senior Cloud Security Consultant, Avanade
October 13 2023

Anyone who reads my articles knows that I often discuss the power of templates. In my day-to-day work, I leverage CI/CD pipelines and templates to accomplish tasks. However, these incredible tools are only as effective as the security measures implemented within them. In this article, you'll learn how to integrate security into your Azure CI/CD pipelines and templates effectively, reducing risks and enhancing your organization's cybersecurity posture.

Increasingly, development teams working on Microsoft Azure are incorporating security considerations into their CI/CD pipeline setups. Instead of embedding subscription IDs or passwords directly into the pipeline, it's advisable to store them in Azure Key Vaults. For example, you might add a secret named 'Admin Username' to your Key Vault. This secret is encrypted and can be safely referenced in your pipeline or code.

The primary risk in CI/CD pipelines is the account used to grant permissions for pipeline operations. When running a pipeline from Azure DevOps—a separate service—you have two main options: connecting it to a service account or a managed identity. Managed identities offer more security because they are assigned to specific resources, thereby limiting their access and reducing risk.

For instance, if you use a managed identity to deploy resources, you can assign it only to a specific subscription. This ensures that the identity has just enough access to perform its tasks, unlike a service account that could potentially be exploited to gain unauthorized access to other networks.

FREE Membership Required to View Full Content:

Joining gives you free, unlimited access to news, analysis, white papers, case studies, product brochures, and more. You can also receive periodic email newsletters with the latest relevant articles and content updates.
Learn more about us here

About Jeff Christman

Jeff Christman is a Navy Veteran with over 20 years of experience in the IT field. Specializing in cloud migrations, he has worked for companies such as Raytheon, AT&T, and NASA. Currently, he is a Sr. Cloud Security Consultant at a large consulting firm. In addition to his daytime job, he also has published content and courses for,, and 

In his off time, he loves fantasy football, everything tech, and embarrassing his teenage daughters.

More about Jeff Christman