Docker

A container image should mount only the config and secrets needed by the workflow.

docker run --rm \
  -e TEAMS_CLI_ACCESS_TOKEN \
  osodevops/teams-cli:latest \
  teams auth status --output json

For long-lived delegated sessions, prefer host keyring storage outside Docker. For CI, use short-lived tokens or a controlled login bootstrap.