Secure workflow strategy for Azure CLI output configuration (#356)

* add warning for cli output * update * update
2026-03-12 18:07:08 -04:00 · 2023-10-25 17:08:24 +08:00
parent 8bf3bdeba9
commit 4e0edd18ae
1 changed files with 3 additions and 0 deletions
--- a/README.md
+++ b/README.md
@@ -25,6 +25,9 @@ Note:
 - Ensure the CLI version is 2.30 or above to use OIDC support.
 - By default, Azure access tokens issued during OIDC based login could have limited validity. Azure access token issued by AD App (Service Principal) is expected to have an expiration of 1 hour by default. And with Managed Identities, it would be 24 hrs. This expiration time is further configurable in Azure. Refer to [access-token lifetime](https://learn.microsoft.com/en-us/azure/active-directory/develop/access-tokens#access-token-lifetime) for more details.

+> [!WARNING]
+> By default, the output of Azure CLI commands print to the stdout stream and are stored in the build logs of the action. Configure Azure CLI to _not_ show output in the console screen or print in the log by setting the environment variable `AZURE_CORE_OUTPUT` to `none`. If you need the output of a specific command, override the default setting using the argument `--output` with your format of choice. For more information on output options with the Azure CLI, see [Format output](https://learn.microsoft.com/cli/azure/format-output-azure-cli).
+
 ## Sample workflow that uses Azure login action to run az cli

 ```yaml