Closed philipktlin closed 1 year ago
@philipktlin Thanks for your feedback! We will investigate and update as appropriate.
@philipktlin It would be great if you could add a link to the documentation you are following for these steps? This would help us redirect the issue to the appropriate team. Thanks!
I based on this doc https://learn.microsoft.com/en-us/azure/azure-resource-manager/templates/key-vault-parameter?tabs=azure-cli#reference-secrets-with-dynamic-id; and apply it to my scenario. The main difference in my scenario is that the key vault and secret may not be provided all the time. Please feel free to ping me and I will be happy to explain the details of my scenario. thanks.
@philipktlin thank you for sharing this feedback.
@mumian, can you please review this question and share your thoughts? Thank you
@philipktlin - using a string output is not secure. The value would be visible to anyone who can see the deployment history.
@tfitzmac do this scenario make sense to you? or there is any other workaround? thanks.
Could you use a nested template with scope set to inner that has a secureString for the password? Otherwise, I don't think there is a secure way of passing the value.
I will get the value outside ARM temlate as a workaround; but I think it is a valid scenario to support secureString type in nested template. thanks.
I got error when I tried to use secureString type as an output parameter of a nested inline template, which is used to pass to another nested parameter. I found this closed issue https://github.com/MicrosoftDocs/azure-docs/issues/29578, but it doesn't help.
You may ask why not just use reference block in input parameter for nested template. The reason is that keyvault information is not always provided from inputs. Therefore I created a nested inline template to run conditionally to get value from keyvault secret; and originally want to return secureString and pass it to another nested template. Since secureString can't be used as output parameter. I would like to ask below questions:
ARM teamplate reference: https://msazure.visualstudio.com/One/_git/WindowsVirtualDesktop-Portal?path=/src/Extension/Extension/ArmTemplates/AutomatedHostpool/CreateAutomatedHostpoolTemplate.json
Document Details
⚠ Do not edit this section. It is required for learn.microsoft.com ➟ GitHub issue linking.