Encrypt automation variables
March 21, 2025 ยท View on GitHub
SYNOPSIS
Azure Automation variables should be encrypted.
DESCRIPTION
Azure Automation allows configuration properties to be saved as variables. Variables are a key/ value pairs, which may contain sensitive information.
When variables are encrypted they can only be access from within the runbook context. Variables not encrypted are visible to anyone with read permissions.
RECOMMENDATION
Consider encrypting all automation account variables.
Additionally consider, using Key Vault to store secrets. Key Vault improves security by tightly controlling access to secrets and improving management controls.