From 4e0edd18ae3a170749df6152728e8d4bc56d4314 Mon Sep 17 00:00:00 2001
From: Shiying Chen <shiyingchen@microsoft.com>
Date: Wed, 25 Oct 2023 17:08:24 +0800
Subject: [PATCH] Secure workflow strategy for Azure CLI output configuration
 (#356)

* add warning for cli output

* update

* update
---
 README.md | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/README.md b/README.md
index e6e34914..40408ff4 100644
--- a/README.md
+++ b/README.md
@@ -25,6 +25,9 @@ Note:
 - Ensure the CLI version is 2.30 or above to use OIDC support.
 - By default, Azure access tokens issued during OIDC based login could have limited validity. Azure access token issued by AD App (Service Principal) is expected to have an expiration of 1 hour by default. And with Managed Identities, it would be 24 hrs. This expiration time is further configurable in Azure. Refer to [access-token lifetime](https://learn.microsoft.com/en-us/azure/active-directory/develop/access-tokens#access-token-lifetime) for more details.
 
+> [!WARNING]
+> By default, the output of Azure CLI commands print to the stdout stream and are stored in the build logs of the action. Configure Azure CLI to _not_ show output in the console screen or print in the log by setting the environment variable `AZURE_CORE_OUTPUT` to `none`. If you need the output of a specific command, override the default setting using the argument `--output` with your format of choice. For more information on output options with the Azure CLI, see [Format output](https://learn.microsoft.com/cli/azure/format-output-azure-cli).
+
 ## Sample workflow that uses Azure login action to run az cli
 
 ```yaml