Param KeyVaultName name of the secret in Key Vault') Param password string = newGuid() //Can only be used as the default value for a name of the Key Vault to save the secret to') On top of that, you're not really encouraged to expose the password in an output value since those are all logged indefinitely, so I highly recommend writing out the value to a Key Vault secret as in the following //Prevents it from being logged, but also removes it from output As such, randomString and newGuid both accept parameters you can use to seed the result, but you'll always get the same result for the new values you put in. For the reasons above, you're encouraged to provide your own generated password to kick off template deployment externally so there's nothing about the Bicep template that's changing from one deployment to another. The intent in Bicep is that one creates fully idempotent templates so that you should receive the same output every time you attempt to deploy anything in Bicep. This reduces the quality of the password, as there are now 3 known characters. To circumvent the shortcomings of the uniqueString() function and make it comply with the password complexity rules, the person adds a constant prefix of " P" and suffix of " x!". I found the blog post "Automatically generate a password for an Azure SQL database with ARM template" by Vivien Chevallier, but that isn't good, IMO. What's the right approach to solve this in Bicep? Which is why we used random_password in Terraform. But this only creates 13 character long random strings and also doesn't have any "special" characters like and such. For quite obvious reasons, I don't want to have some sort of statement in my code, which sets the secret to some clearly readable value. How do I do something like this with Bicep? I'm only finding the uniqueString() function. If somebody would need to know the password, it would get logged. This allowed us to have secure (enough.)
passwords, which got created and stored in some secure database without us having to enter or even know the password. We then stored this as a value in the AWS Systems Manager Parameter Store. In Terraform, we create random passwords with the random_password resource. Now I'm using Bicep with Azure, so please bear with me :) I'm coming from a Terraform background and AWS.