From 105148fffde072dd03e56c8d686963e665b8013e Mon Sep 17 00:00:00 2001
From: Pamela Fox
Date: Mon, 25 Mar 2024 20:02:24 +0000
Subject: [PATCH] Make sure all secrets are secure
---
 infra/core/host/container-app.bicep | 9 +++++++--
 infra/main.bicep | 22 +++++++---------------
 2 files changed, 14 insertions(+), 17 deletions(-)
diff --git a/infra/core/host/container-app.bicep b/infra/core/host/container-app.bicep
index ff3dd57..3d366df 100644
--- a/infra/core/host/container-app.bicep
+++ b/infra/core/host/container-app.bicep
@@ -3,7 +3,9 @@ param location string = resourceGroup().location
 param tags object = {}
 param containerEnvId string
-param secrets array = []
+@secure()
+param secrets object
+
 param env array = []
 param imageName string
 param targetPort int = 80
@@ -23,7 +25,10 @@ resource containerApp 'Microsoft.App/containerapps@2022-03-01' = {
 external: true
 targetPort: targetPort
 }
- secrets: secrets
+ secrets: [for secret in items(secrets): {
+ name: secret.key
+ value: secret.value
+ }]
 }
 template: {
 containers: [
diff --git a/infra/main.bicep b/infra/main.bicep
index 5e61cb4..6b6f004 100644
--- a/infra/main.bicep
+++ b/infra/main.bicep
@@ -150,7 +150,7 @@ module containerApp 'core/host/container-app.bicep' = {
 }
 {
 name: 'AUTH_AZURE_AD_CLIENT_SECRET'
- value: authClientSecret
+ secretRef: 'authclientsecret'
 }
 {
 name: 'AUTH_AZURE_AD_TENANT_ID'
@@ -161,20 +161,12 @@ module containerApp 'core/host/container-app.bicep' = {
 value: useAuthentication ? 'true' : 'false'
 }
 ]
- secrets: [
- {
- name: 'databasepassword'
- value: databasePassword
- }
- {
- name: 'nextauthsecret'
- value: nextAuthSecret
- }
- {
- name: 'salt'
- value: salt
- }
- ]
+ secrets: {
+ 'databasepassword': databasePassword
+ 'nextauthsecret': nextAuthSecret
+ 'salt': salt
+ 'authclientsecret': authClientSecret
+ }
 }
 }
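Review bot: In the first hunk of infra/core/host/container-app.bicep, `param secrets object` drops the default that `param secrets array = []` had, so any other caller of this module that omits `secrets` or still passes an array would now fail; only the call in infra/main.bicep is updated in this patch. If the module is meant to stay usable without secrets, keep an empty default, `param secrets object = {}` (an empty default should not trip the secure-parameter linter rule, but confirm). A `@description('Map of Container Apps secret name to secret value')` on the parameter would also document the new shape for callers.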
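Review bot: The loop in the second hunk of infra/core/host/container-app.bicep turns every key of `secrets` directly into a secret `name`, and nothing states the constraint on those keys. Container Apps secret names are limited to lowercase alphanumerics and '-', and each `secretRef` in `env` has to match a key exactly, so a mismatch only surfaces at deployment time. A comment above the loop such as `// keys of 'secrets' become secret names (lowercase letters, digits, '-'); env entries refer to them via secretRef` would make that contract visible. The enclosing `containerApp` resource continues outside the hunk.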
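Review bot: In the last hunk of infra/main.bicep, `'authclientsecret': authClientSecret` is added to `secrets` unconditionally, while the context line `value: useAuthentication ? 'true' : 'false'` shows that authentication is optional. The declaration of `authClientSecret` is outside the hunk, but if it can be empty when authentication is off, Container Apps is likely to reject a secret with no value, where the previous plain `value:` env entry accepted an empty string. Consider building the map with `union({ ... }, useAuthentication ? { authclientsecret: authClientSecret } : {})`. The `AUTH_AZURE_AD_CLIENT_SECRET` entry in the preceding hunk would need the same condition, since a `secretRef` to a secret that is not defined also fails.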