Open DannyBoyIT opened 1 day ago
microsoft-github-policy-service[bot]
commented
1 day ago [!IMPORTANT] The "Needs: Triage :mag:" label must be removed once the triage process is complete!
[!TIP] For additional guidance on how to triage this issue/PR, see the BRM Issue Triage documentation.
avm-team-linter[bot]
commented
1 day ago @DannyBoyIT, thanks for submitting this issue for the avm/res/web/site module!
[!IMPORTANT] A member of the @Azure/avm-res-web-site-module-owners-bicep or @Azure/avm-res-web-site-module-contributors-bicep team will review it soon!
Check for previous/existing GitHub issues
Issue Type?
I'm not sure
Module Name
avm/res/web/site
(Optional) Module Version
0.11.1
Description
Hi!
I am using the site module and trying to add the client secret of the app to the app settings (environment variables) since I want to use the built-in Azure authentication middleware. I tried to pass the
EASYAUTH_SECRETin to the appsettings object as in the example . This works fine when I have a hardcoded secret but if I am going to follow security best practices I will need to have it in a more secure place like a Keyvault. The.getSecret('secretName')method of the Keyvault is allowed only for passing the value to a module parameter that has the@secure()decorator.Example:
Is there a "secure" way to pass in the Easy auth secret to the app settings using the verified module?
I am trying to resolve this now by manually appending the appsettings with a custom module where I unify existing appsettings with the secret but I would like to be able to send this value in the verified module directly instead, especially when the example states that this should be a possible configuration.
Appreciate any responses.
(Optional) Correlation Id
No response