#Azure

So I pushed some Azure to GitHub Actions (workflow) code. And I have couple questions.

1. Can somebody do anything with those data (client-id, tenant-id and subscription-id) when i have connected with specific repository? (Chat says no but I don't trust him)
2. If i delete App Service is it all good? Or its connected to account? I going to use VPS so Azure is useless for me rn.

I'm asking all of these because I'm so confused - why Azure would leak that by itself (or it is just secured by GitHub and only one, specific can use that)

<@&987246964494204979> please have a look, thanks.

Github Secrets are intended to be secure - as opposed to the terrible idea of committing a secret in the code-base.

Steps are also taken to prevent the secrets escaping into artefacts such as logs.

This page gives some background and advice - https://docs.github.com/en/actions/security-for-github-actions/security-guides/security-hardening-for-github-actions

As I expected

All I did is connect repo to azure and clicked one button 💀

Thought that i cant mess it up

There's a reason GitHub has this feature: https://docs.github.com/en/code-security/secret-scanning/enabling-secret-scanning-features.