For platform engineers, securely managing sensitive information across dev and test environments is a critical responsibility. Each workflow, from provisioning virtual machines to deploying artifacts and automating environment setup, often involves handling credentials, SSH keys, and API tokens. Sharing these in chat, hardcoding them into scripts, or keeping them in plain text is not secure. We consistently heard this feedback from our customers; in the absence of a centralized solution, secrets can end up distributed across emails, chat threads, and scripts. This distribution can elevate the risk of unintended exposure and lower the effectiveness of collaboration. 

We heard you loud and clear and to address this pain point, we’re excited to introduce Lab Secrets in Azure DevTest Labs, giving platform engineers a secure way to centrally manage secrets while keeping teams productive and secure. 

With Lab Secrets, you can store sensitive data once at the lab level and make it available wherever it’s needed. No duplication, improved security against credential exposure, and smoother automation. It’s about giving teams what they need without compromising on security.  

✨ Why lab secrets are helpful

• Better security: Keep credentials such as passwords, keys, and tokens safely stored and encrypted.  

• Centralized management: Set up secrets once at the lab level and use them wherever they’re needed. 

• Easier automation: Use secrets in scripts, VM setups, and artifacts without hardcoding them. 

• Team-friendly: Enable collaboration in shared environments while keeping credentials protected. 

🧪 Example use-cases 

• Provisioning Test VMs: A platform engineer needs to spin up multiple Windows and Linux VMs for a team of developers. Instead of sharing passwords over chat or email, they can store them as lab secrets, allowing each VM to access credentials securely during setup. 

• Deploying artifacts from private repositories: When deploying artifacts that require cloning code from private Git repositories, a personal access token can be stored as a lab secret scoped to artifacts. This enables seamless authentication without exposing tokens in scripts or logs. 

• Automating environment setup: Automation scripts often require sensitive data like API keys or SSH credentials. By storing these as lab secrets, scripts can securely retrieve them during execution without embedding values directly in code. 

🙌 How to set up lab secrets 

Getting started is simple: 

1. Within the Azure portal, navigate to your Lab → Configuration and Policies → Settings → Lab Secrets.
2. Click + Add, give it a name and value, and pick a scope: 
   • Formulas and Virtual Machines: Use secrets to set user passwords or SSH keys for secure access to Windows or Linux VMs. 
   • Artifacts: Add secrets like personal access tokens to support scenarios such as cloning private Git repositories when deploying artifacts. 
3. Click Create. On create, your secrets are securely stored and automatically available within the scope you selected. DevTest Labs automatically creates a Key Vault in the same resource group as the lab to store your lab secrets.  

Try Lab Secrets in Azure DevTest Labs today and simplify the way you manage sensitive information. 

Get started with DevTest Labs today! To learn more, visit What is Azure DevTest Labs? – Azure DevTest Labs | Microsoft Learn. 

With your feedback, we’re continuing to improve Azure DevTest Labs to make development and test workflows smoother and more secure. Share your feedback with us at the DevTest Labs · Community