[Question]: Restricting Agent registration from Source #5322

@jashan05

Describe your question

Hello Team,

We are using self-hosted agents using KEDA and hence running pods in a container. While registering the agent, the TOKEN is written to a file, and users can exfiltrate the token and register their own agents from unauthorized machines. Agent Registration.

What is the recommendation in such a scenario? I was thinking if we can restrict the agent registration source (from IP, AWS accounts, etc.). This is a major security issue and I would appreciate recommendations.

Best
Jashan

Versions

latest

Environment type (Please select at least one environment where you face this issue)

  • Self-Hosted
  • Microsoft Hosted
  • VMSS Pool
  • Container

Azure DevOps Server type

dev.azure.com (formerly visualstudio.com)

Operating system

Ubuntu 24.04

Version control system

git

Azure DevOps Server Version (if applicable)

No response
