Open anthony-c-martin opened 3 years ago
jeskew
commented
2 years ago One option here is to add a "SecretSink" or "Secure" flag to any property that had an x-ms-secret extension in Swagger. This could allow the Bicep compiler to add some new linter rules to, for example, warn when parameters without a @secure() decorator are passed to x-ms-secret properties or warn when x-ms-secret properties are used as template outputs.
majastrz
commented
2 years ago Agree. We should also borrow the heuristic from this internal repo, which handles some additional cases: https://msazure.visualstudio.com/One/_git/Mgmt-Governance-Schema?path=/src/Metadata/MetadataGenerator/Generator/MetadataGenerator.cs&version=GBmaster&line=487&lineEnd=488&lineStartColumn=1&lineEndColumn=1&lineStyle=plain&_a=contents
Created from comment on https://github.com/Azure/bicep-types-az/pull/436.