Open anthony-c-martin opened 3 years ago
One option here is to add a "SecretSink" or "Secure" flag to any property that had an x-ms-secret
extension in Swagger. This could allow the Bicep compiler to add some new linter rules to, for example, warn when parameters without a @secure()
decorator are passed to x-ms-secret
properties or warn when x-ms-secret
properties are used as template outputs.
Agree. We should also borrow the heuristic from this internal repo, which handles some additional cases: https://msazure.visualstudio.com/One/_git/Mgmt-Governance-Schema?path=/src/Metadata/MetadataGenerator/Generator/MetadataGenerator.cs&version=GBmaster&line=487&lineEnd=488&lineStartColumn=1&lineEndColumn=1&lineStyle=plain&_a=contents
Created from comment on https://github.com/Azure/bicep-types-az/pull/436.