services / Azure / Azure Automation credential asset
An Azure Automation credential asset stores a username/password pair within an Automation account that runbooks and DSC configurations use to authenticate to external systems and resources.
The password value is write-only via ARM and is only retrievable from inside a runbook (Get-AutomationPSCredential); the control plane never returns the secret. The asset still represents a stored service-account identity.
Microsoft.Automation/automationAccounts/credentials/delete
Deleting a credential asset destroys stored secret credential material and breaks any runbooks/automation that depend on it, disrupting automated operations.
Risks
Scope: HIGH
This privilege may grant access to sensitive data from a single organizational function, or allow interruption of a service supporting a single organizational function.
Links
Contributed by P0 Security