An Azure DevOps pipeline unavoidably uses confidential information such as usernames and passwords which need to be protected from unauthorised access and alteration. Azure DevOps enables this by allowing your Pipeline to reference variables stored in a Variable Group which itself can be configure in one of two ways, each approach described in detail the sections below.
Define your variables in a Variable Group and protect selected (sensitive) variables those variables which are sensitive (e.g. access credentials) by marking each of them as Secret, or
Protect all variables by storing them in as Secrets in an Azure Key Vault and defining a Variable Group linked to that Key Vault.
...