{"id":1052,"date":"2025-09-04T11:37:07","date_gmt":"2025-09-04T18:37:07","guid":{"rendered":"https:\/\/devblogs.microsoft.com\/develop-from-the-cloud\/?p=1052"},"modified":"2025-09-04T11:37:07","modified_gmt":"2025-09-04T18:37:07","slug":"%f0%9f%8e%89enhancing-security-and-streamlining-configuration-with-lab-secrets-in-azure-devtest-labs","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/develop-from-the-cloud\/%f0%9f%8e%89enhancing-security-and-streamlining-configuration-with-lab-secrets-in-azure-devtest-labs\/","title":{"rendered":"\ud83c\udf89Enhancing security and streamlining configuration with Lab Secrets in Azure DevTest Labs"},"content":{"rendered":"<p><span data-contrast=\"none\">For platform engineers, securely managing sensitive information across dev and test environments is a critical responsibility. Each workflow, from provisioning virtual machines to deploying artifacts and automating environment setup, often involves handling credentials, SSH keys, and API tokens. <\/span><span data-contrast=\"auto\">Sharing these in chat, hardcoding them into scripts, or keeping them in plain text is not secure. <\/span><span data-contrast=\"none\">We consistently heard this feedback from our customers; in the absence of a centralized solution, secrets can end up distributed across emails, chat threads, and scripts. This distribution can elevate the risk of unintended exposure and lower the effectiveness of collaboration.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">We heard you loud and clear and to address this pain point, we&#8217;re excited to introduce\u202fLab Secrets in Azure DevTest Labs, giving platform engineers a secure way to centrally manage secrets while keeping teams productive and secure.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">With Lab Secrets, you can store sensitive data once at the lab level and make it available wherever it\u2019s needed. No duplication, <!--StartFragment --><span class=\"cf0\">improved security against credential exposure<\/span><!--EndFragment -->, and smoother automation. It\u2019s about giving teams what they need without compromising on security. <\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<p><a href=\"https:\/\/devblogs.microsoft.com\/develop-from-the-cloud\/wp-content\/uploads\/sites\/81\/2025\/09\/Lab-secrets-screenshot.png\"><img decoding=\"async\" class=\"wp-image-1053 size-large\" src=\"https:\/\/devblogs.microsoft.com\/develop-from-the-cloud\/wp-content\/uploads\/sites\/81\/2025\/09\/Lab-secrets-screenshot-1024x541.png\" alt=\"Lab secrets screenshot image\" width=\"1024\" height=\"541\" srcset=\"https:\/\/devblogs.microsoft.com\/develop-from-the-cloud\/wp-content\/uploads\/sites\/81\/2025\/09\/Lab-secrets-screenshot-1024x541.png 1024w, https:\/\/devblogs.microsoft.com\/develop-from-the-cloud\/wp-content\/uploads\/sites\/81\/2025\/09\/Lab-secrets-screenshot-300x158.png 300w, https:\/\/devblogs.microsoft.com\/develop-from-the-cloud\/wp-content\/uploads\/sites\/81\/2025\/09\/Lab-secrets-screenshot-768x406.png 768w, https:\/\/devblogs.microsoft.com\/develop-from-the-cloud\/wp-content\/uploads\/sites\/81\/2025\/09\/Lab-secrets-screenshot-1536x811.png 1536w, https:\/\/devblogs.microsoft.com\/develop-from-the-cloud\/wp-content\/uploads\/sites\/81\/2025\/09\/Lab-secrets-screenshot-2048x1082.png 2048w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/a><\/p>\n<h3>\u2728 Why lab secrets are helpful<\/h3>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;multilevel&quot;}\" data-aria-posinset=\"1\" data-aria-level=\"1\"><span data-contrast=\"auto\">Better security: Keep credentials such as passwords, keys, and tokens safely stored and encrypted.\u00a0<\/span><span data-ccp-props=\"{&quot;335559739&quot;:0}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;multilevel&quot;}\" data-aria-posinset=\"2\" data-aria-level=\"1\"><span data-contrast=\"auto\">Centralized management: Set up secrets once at the lab level and use them wherever they\u2019re needed.<\/span><span data-ccp-props=\"{&quot;335559739&quot;:0}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;multilevel&quot;}\" data-aria-posinset=\"3\" data-aria-level=\"1\"><span data-contrast=\"auto\">Easier automation: Use secrets in scripts, VM setups, and artifacts without hardcoding them.<\/span><span data-ccp-props=\"{&quot;335559739&quot;:0}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;multilevel&quot;}\" data-aria-posinset=\"4\" data-aria-level=\"1\"><span data-contrast=\"auto\">Team-friendly: Enable collaboration in shared environments while keeping credentials protected.<\/span><span data-ccp-props=\"{&quot;335559739&quot;:0}\">\u00a0<\/span><\/li>\n<\/ul>\n<h3><b><span data-contrast=\"auto\">\ud83e\uddea Example use-cases<\/span><\/b><span data-ccp-props=\"{&quot;335559738&quot;:240,&quot;335559739&quot;:0}\">\u00a0<\/span><\/h3>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"3\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"1\" data-aria-level=\"1\"><span data-contrast=\"auto\">Provisioning Test VMs: A platform engineer needs to spin up multiple Windows and Linux VMs for a team of developers. Instead of sharing passwords over chat or email, they can store them as lab secrets, allowing each VM to access credentials securely during setup.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"3\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"2\" data-aria-level=\"1\"><span data-contrast=\"auto\">Deploying artifacts from private repositories: When deploying artifacts that require cloning code from private Git repositories, a personal access token can be stored as a lab secret scoped to artifacts. This enables seamless authentication without exposing tokens in scripts or logs.<\/span><span data-ccp-props=\"{&quot;335559738&quot;:240}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"3\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"3\" data-aria-level=\"1\"><span data-contrast=\"auto\">Automating environment setup: Automation scripts often require sensitive data like API keys or SSH credentials. By storing these as lab secrets, scripts can securely retrieve them during execution without embedding values directly in code.<\/span><span data-ccp-props=\"{&quot;335559738&quot;:240}\">\u00a0<\/span><\/li>\n<\/ul>\n<h3><b><span data-contrast=\"auto\">\ud83d\ude4c How to set up lab secrets<\/span><\/b><span data-ccp-props=\"{&quot;335559738&quot;:240}\">\u00a0<\/span><\/h3>\n<p><span data-contrast=\"auto\">Getting started is simple:<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<ol>\n<li><span data-contrast=\"auto\">Within the Azure portal, navigate to your Lab \u2192 Configuration and Policies \u2192 Settings \u2192 Lab Secrets. <\/span><\/li>\n<li><span data-contrast=\"auto\">Click + Add, give it a name and value, and pick a scope:<\/span><span data-ccp-props=\"{&quot;335559739&quot;:0}\">\u00a0<\/span>\n<ul>\n<li><span data-contrast=\"auto\">Formulas and Virtual Machines: Use secrets to set user passwords or SSH keys for secure access to Windows or Linux VMs.<\/span><span data-ccp-props=\"{&quot;335559739&quot;:0}\">\u00a0<\/span><\/li>\n<li><span data-contrast=\"auto\">Artifacts: Add secrets like personal access tokens to support scenarios such as cloning private Git repositories when deploying artifacts.<\/span><span data-ccp-props=\"{&quot;335559739&quot;:0}\">\u00a0<\/span><\/li>\n<\/ul>\n<\/li>\n<li><span data-contrast=\"auto\">Click Create. On create, your secrets are securely stored and automatically available within the scope you selected.\u202fDevTest Labs automatically creates a Key Vault in the same resource group as the lab to store your lab secrets.\u202f<\/span><span data-ccp-props=\"{&quot;335559739&quot;:0}\">\u00a0<\/span><\/li>\n<\/ol>\n<p><span data-contrast=\"auto\">Try Lab Secrets in Azure DevTest Labs today and simplify the way you manage sensitive information.<\/span><span data-ccp-props=\"{&quot;335559738&quot;:240}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">Get started with DevTest Labs today! To learn more, visit\u202f<\/span><a href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/devtest-labs\/devtest-lab-overview\"><span data-contrast=\"none\">What is Azure DevTest Labs? \u2013 Azure DevTest Labs | Microsoft Learn<\/span><\/a><span data-contrast=\"auto\">.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">With your feedback, we\u2019re continuing to improve Azure DevTest Labs to make development and test workflows smoother and more secure. Share your feedback\u202fwith us at the\u202f<\/span><a href=\"https:\/\/aka.ms\/dtl\/developer-community-forum\"><span data-contrast=\"none\">DevTest Labs \u00b7 Community<\/span><\/a><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<p><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>For platform engineers, securely managing sensitive information across dev and test environments is a critical responsibility. Each workflow, from provisioning virtual machines to deploying artifacts and automating environment setup, often involves handling credentials, SSH keys, and API tokens. Sharing these in chat, hardcoding them into scripts, or keeping them in plain text is not secure. [&hellip;]<\/p>\n","protected":false},"author":739,"featured_media":170,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[15],"tags":[],"class_list":["post-1052","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-azure-devtest-labs"],"acf":[],"blog_post_summary":"<p>For platform engineers, securely managing sensitive information across dev and test environments is a critical responsibility. Each workflow, from provisioning virtual machines to deploying artifacts and automating environment setup, often involves handling credentials, SSH keys, and API tokens. Sharing these in chat, hardcoding them into scripts, or keeping them in plain text is not secure. [&hellip;]<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/develop-from-the-cloud\/wp-json\/wp\/v2\/posts\/1052","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/develop-from-the-cloud\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/develop-from-the-cloud\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/develop-from-the-cloud\/wp-json\/wp\/v2\/users\/739"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/develop-from-the-cloud\/wp-json\/wp\/v2\/comments?post=1052"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/develop-from-the-cloud\/wp-json\/wp\/v2\/posts\/1052\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/develop-from-the-cloud\/wp-json\/wp\/v2\/media\/170"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/develop-from-the-cloud\/wp-json\/wp\/v2\/media?parent=1052"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/develop-from-the-cloud\/wp-json\/wp\/v2\/categories?post=1052"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/develop-from-the-cloud\/wp-json\/wp\/v2\/tags?post=1052"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}