Skip to content

Recommended approach for outputting/getting secrets #6173

Answered by johnlokerse
jonas-lomholdt asked this question in Q&A
Discussion options

You must be logged in to vote

Hi @jonas-lomholdt,

The output is probably not allowed because it potentiallyly can leak secrets.

The way to retrieve secrets is to use the existing keyword "calling" your keyvault.

resource kv 'Microsoft.KeyVault/vaults@2019-09-01' existing = {
  name: kvName
  scope: resourceGroup(subscriptionId, kvResourceGroup )
}

If you have done this you can use the symbolic name kv and call the kv.getSecret('myKvKey') method. I would use this approach instead of outputting secrets.

Replies: 3 comments 31 replies

Comment options

You must be logged in to vote
0 replies
Comment options

You must be logged in to vote
30 replies
@brwilkinson
Comment options

@brwilkinson
Comment options

@Kor-Hal
Comment options

@brwilkinson
Comment options

@Kor-Hal
Comment options

Answer selected by brwilkinson
Comment options

You must be logged in to vote
1 reply
@justinpenguin45
Comment options

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Category
Q&A
Labels
None yet