- [ ] bug report -> please search issues before submitting
- [ X ] feature request
- [ ] documentation issue or request
- [ ] regression (a behavior that used to work and stopped in a new release)
Minimal steps to reproduce
Deploy #AzureSandbox v2.9.2
Enable Defender for Cloud CSPM agentless scanning
Any log messages given by the failure
Contains Verified Secret risk factor related to file C:\Packages\Plugins\Microsoft.compute.CustomScriptExtension\1.10.15\RuntimeSettings\0.settings finding on jumpwin1
Expected/desired behavior
Eliminate the local storage of secrets altogether or at a minimum do not store them in clear text
OS and Version?
Windows Server 2022
Versions
AzureSandbox v2.9.2
Mention any other details that might be useful
Secrets are passed as clear text parameters to script configure-vm-jumpbox-win.ps1 using custom script extension.
This issue is for a: (mark with an
x
)Minimal steps to reproduce
Any log messages given by the failure
Expected/desired behavior
OS and Version?
Versions
Mention any other details that might be useful