Are there plans to support variable group history - or is the guidance to use Key Vault and track any historical updates there? Scenario - someone updates a key and you have no idea when or why.
@ashokirla - for comments
We have the same question, how do we control the risk of variable groups changing without anyone being notified?
+1
Auditing of the variable groups, and the associated variable group scope, is highly needed, as deployments can go badly wrong when variables are incorrectly changed, or the scope is incorrectly changed.
Knowing what has been changed (and by whom, and when) is critical to safe deployments.
Also need the ability to revert from history, like you can on build and release definitions. I just got bit by this, after a week of configuring new environments. One person reverted everything to previous values and there's no way to get them back, due to the lack of this functionality.
It would be great if one could create a variable group YAML file which could be stored in a repository alongside the pipeline YAML files. They could then be versioned just like the pipeline YAML files, making it easy to track changes in the values of these variables.
@8enSmith -
> It would be great if one could create a variable group YAML file which could be stored in a repository alongside the pipeline YAML files

It is not recommended to store the secrets in a repository. Unless I got your statements wrong.
@8enSmith - not all variables stored in a variable group are necessarily secrets! However, I think your point is valid; because some variables might be secrets, then storing them in an otherwise open core repository is not a good solution.
Instead, Azure DevOps needs built-in versioning of variables & variable groups as a solution.
@8enSmith - sure, we do have it on our backlog, however it is not at the top of our list at the moment. We are working on issues that impact a broader set of customers. As a workaround, you can use Variable Groups backed by Azure Key Vault. Key Vault supports versioned history of changes. I would recommend that you suggest the changes on DevCommunity. This would allow us to prioritize the asks.
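The thread asks for two things at once: a history of what changed in a variable group, and no secrets in a repository. The sketch below is an added example, not part of the thread and not Azure DevOps code. It redacts secret values from a variable group snapshot so the copy can be versioned, then diffs two snapshots; the snapshot shape and all sample values are assumptions.

```python
# Added example, not from the thread. Assumed snapshot shape:
# {"name", "modifiedBy": {"displayName"}, "modifiedOn",
#  "variables": {var_name: {"value": str, "isSecret": bool}}}

def redact(snapshot):
    """Return a copy that is safe to commit: secret values are dropped."""
    safe = {k: v for k, v in snapshot.items() if k != "variables"}
    safe["variables"] = {
        name: {"isSecret": True} if var.get("isSecret")
        else {"value": var.get("value"), "isSecret": False}
        for name, var in snapshot.get("variables", {}).items()
    }
    return safe

def diff_snapshots(old, new):
    """List (name, change, old_value, new_value) between redacted snapshots."""
    old_vars, new_vars = old["variables"], new["variables"]
    changes = []
    for name in sorted(set(old_vars) | set(new_vars)):
        before, after = old_vars.get(name), new_vars.get(name)
        if before == after:
            continue  # includes secrets: their values are never compared
        kind = "added" if before is None else "removed" if after is None else "changed"
        changes.append((name, kind, (before or {}).get("value"),
                        (after or {}).get("value")))
    return changes

def summarize(old, new):
    """Who/when comes from the newer snapshot; the diff covers what changed."""
    return {
        "group": new.get("name"),
        "modified_by": new.get("modifiedBy", {}).get("displayName", "unknown"),
        "modified_on": new.get("modifiedOn", "unknown"),
        "changes": diff_snapshots(redact(old), redact(new)),
    }

# Constructed sample snapshots (all names and values are made up).
OLD = {"name": "prod-settings", "modifiedBy": {"displayName": "Alice"},
       "modifiedOn": "2020-01-10T09:00:00Z", "variables": {
           "ApiUrl": {"value": "https://api.example.test/v1"},
           "DbPassword": {"value": "constructed-secret", "isSecret": True},
           "Region": {"value": "westeurope"}}}
NEW = {"name": "prod-settings", "modifiedBy": {"displayName": "Bob"},
       "modifiedOn": "2020-01-17T16:30:00Z", "variables": {
           "ApiUrl": {"value": "https://api.example.test/v2"},
           "DbPassword": {"value": "constructed-secret-2", "isSecret": True},
           "Timeout": {"value": "30"}}}

if __name__ == "__main__":
    print(summarize(OLD, NEW))
```

A change to a secret's value is deliberately invisible to this diff; for those, the Key Vault version history mentioned in the thread is the place to look.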