Use a valid secret reference
October 15, 2024 ยท View on GitHub
SYNOPSIS
Use a valid secret reference within parameter files.
DESCRIPTION
When referencing secrets in a template parameter file:
- The secret reference must be a valid Azure resource ID Key Vault.
- A secret name must be specified.
- An optional secret version can be specified.
RECOMMENDATION
Check the secret value Key Vault reference is valid.
EXAMPLES
Configure with Azure template
To define Azure template parameter files that pass this rule:
- When a secret is referenced from Key Vault, provide a valid resource ID and secret name.
For example:
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"gatewayName": {
"value": "gateway-A"
},
"sku": {
"value": "VpnGw1"
},
"subnetId": {
"value": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/virtualNetworks/vnet-A/subnets/GatewaySubnet"
},
"sharedKey": {
"reference": {
"keyVault": {
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.KeyVault/vaults/kv-001"
},
"secretName": "valid-secret"
}
}
}
}
NOTES
This rule is deprecated from v1.36.0. By default, PSRule will not evaluate this rule unless explicitly enabled. See https://aka.ms/ps-rule-azure/deprecations.