You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When creating Docker secrets from the Azure DevOps pipeline library, a Byte Order Mark (BOM) consisting of ASCII characters 239, 187, and 191 is being prepended to the secret value. This prevents the secret from being used correctly in sensitive contexts such as passwords or certificates.
I request that the pipeline library be modified to prevent the injection of BOM characters into created secrets to ensure their integrity and usability.
if the secret is record in the pipeline library as SERVICE_PFX_PASSWORD="asd" when a script in the pipeline runs:
When creating Docker secrets from the Azure DevOps pipeline library, a Byte Order Mark (BOM) consisting of ASCII characters 239, 187, and 191 is being prepended to the secret value. This prevents the secret from being used correctly in sensitive contexts such as passwords or certificates.
I request that the pipeline library be modified to prevent the injection of BOM characters into created secrets to ensure their integrity and usability.
if the secret is record in the pipeline library as SERVICE_PFX_PASSWORD="asd" when a script in the pipeline runs:
echo "$(SERVICE_PFX_PASSWORD)" | docker secret create service_pfx_password -it will echo SERVICE_PFX_PASSWORD with " asd" being the first three characters the injected BOM characters.
PS: The agent where this script is running is a Windows machine.
The text was updated successfully, but these errors were encountered: