In the original version of appservice.bicep, appSettings was not wrapped with an @secure decorator, so if a developer put any secrets in their app settings, it would leak into deployment outputs and cause a security alert. The latest version now has the secure decorator.
I noticed this repo is using the old version, so I recommend upgrading if you can.
farzad528
commented
5 months ago
In the original version of appservice.bicep, appSettings was not wrapped with an @secure decorator, so if a developer put any secrets in their app settings, it would leak into deployment outputs and cause a security alert. The latest version now has the secure decorator.
I noticed this repo is using the old version, so I recommend upgrading if you can.
You can git clone https://github.com/azure/azure-dev and then cp like this:
cp ../azure-dev/templates/common/infra/bicep/core/host/* infra/core/host/.
Or only cp app service files if you don't use other hosts:
cp ../azure-dev/templates/common/infra/bicep/core/host/appservice* infra/core/host/.
Then run azd up to make sure all still works.