SecureString values gets exposed in defaultValue after deployment

[RodrigoGroener]

Source Logic App Definition with parameter "CRM_HTTP_AzureAD_Secret":

"CRM_HTTP_AzureAD_Secret": { "type": "SecureString" }

Creates following ARM Template Parameter

"paramCRM_HTTP_AzureAD_Secret": { "type": "securestring", "defaultValue": "" }

That is used in the embedded Logic App definition:

"CRM_HTTP_AzureAD_Secret": { "type": "SecureString", "defaultValue": "[parameters('paramCRM_HTTP_AzureAD_Secret')]" }

What leads to that the secrect gets exposed in the "defaultValue" after the deployment:

"CRM_HTTP_AzureAD_Secret": { "defaultValue": "XXXXXX SECRECT VALUE XXXXXXXX", "type": "SecureString" }

So i think it would be nice to remove default value output for SecureString oder SecureObject parameters in the created template.
What do you mean?

[MLogdberg]

Hi,
do you mean after the deploy in Azure? Meaning inside the Logic App when deployed?
That is hard for this tool to achive and I would sugest getting the value from keyvault insteead (via the keyvault action)

[MLogdberg]

This is solved but forgott to close the issue