articles/operator-service-manager/configuration-guide.md
13 additions & 13 deletions
@@ -45,10 +45,10 @@ We now recommend that you use at least three CGS/CGV sets, organizing parameters
45
45
* Security-specific parameters
46
46
* Examples include passwords and certificates.
47
47
* Uses CGS/CGV with secrets.
48
-
* Store values in Azure Key Vault to obscure during deployments.
48
+
* Store values in Azure Key Vault (AKV) to obscure during deployments.
49
49
50
50
> [!NOTE]
51
-
> *Consider restricting access to the role based access control (RBAC) scope `Microsoft.Resources/deployments/exportTemplate/action` to only admin roles.
51
+
> *When using secrets, consider restricting access to the role based access control (RBAC) scope `Microsoft.Resources/deployments/exportTemplate/action`.
52
52
53
53
## CGS without secrets
54
54
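Review bot: The reworded note on new line 51 drops "to only admin roles", so it now advises restricting access without saying who should keep it; retain the audience, for example "When using secrets, consider restricting access to ... to only admin roles". The line also still begins `> *When` with no space after the asterisk, unlike the `> * Don't hydrate` note at line 215, so it will not be read as a list item. "role based" should be hyphenated, and `Microsoft.Resources/deployments/exportTemplate/action` is described as an RBAC "scope" although the string names an action; "permission" or "action" would be more accurate.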
@@ -96,9 +96,9 @@ This example shows the rendered CGV resource created after the CGV deployment co
96
96
97
97
## CGV with secrets without AKV
98
98
99
-
Where AKV isn't being used, consider the following CGV Azure Resource Manager (ARM) template requirements to properly obscure secret values throughout CGV resource lifecycle.
99
+
Where AKV isn't being used, consider the following Azure Resource Manager (ARM) template requirements to properly obscure secret values throughout CGV resource lifecycle.
100
100
101
-
* To contain all secrets, define an object parameter with `"type": "secureObject"`.
101
+
* To contain all secrets, define an object parameter with `"type": "secureObject"`.
102
102
* Before a CGV is deployed, this configuration obscures the display of secrets as template parameters.
103
103
104
104
This example shows how to define an object parameter `secretCgvContent`.
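Review bot: New line 99 still ends "throughout CGV resource lifecycle" with no article; since the sentence is being edited, change it to "throughout the CGV resource lifecycle". The removed and added versions of line 101 read identically here, so this appears to be a whitespace-only change; confirm that it is intentional and not an accidental edit.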
@@ -117,7 +117,7 @@ This example shows how to define an object parameter `secretCgvContent`.
117
117
* Under CGV resource properties, use `configurationType: 'Secret'` and `"secretConfigurationValue": "[string(parameters('secretCgvContent'))]"`.
118
118
* Once a CGV is deployed, this configuration prevents displaying the secret data via most Azure user interfaces.
119
119
120
-
This example shows how to pass all secrets in the object `secretCgvContent` to the new CGV.
120
+
This example shows how to pass all secrets in the object `secretCgvContent` to the CGV resource.
121
121
122
122
```json
123
123
{
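Review bot: The unchanged bullet at line 117 mixes two syntaxes in one instruction: `configurationType: 'Secret'` is written Bicep-style while `"secretConfigurationValue": "[string(parameters('secretCgvContent'))]"` is JSON, and the example that follows is fenced as json. With line 120 being reworded anyway, consider writing both properties in JSON form so the bullet matches the example. "via most Azure user interfaces" on line 118 would also be more useful if it said where the value can still be read, or pointed back to the exportTemplate note near line 51.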
@@ -131,7 +131,7 @@ This example shows how to pass all secrets in the object `secretCgvContent` to t
131
131
132
132
## CGV with secrets with AKV
133
133
134
-
Where AKV is being used, consider the following CGV Azure Resource Manager (ARM) template requirements to properly obscure secret values throughout CGV resource lifecycle.
134
+
Where AKV is being used, consider the following Azure Resource Manager (ARM) template requirements to properly obscure secret values throughout CGV resource lifecycle.
135
135
136
136
* Define a string `parameter` for each secret and one object `variable` to collect all secret values.
137
137
* The object variable contains only a reference to the parameter string and exposes no secrets.
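Review bot: New line 134 spells out "Azure Resource Manager (ARM)" again although line 99 already defines it; this commit shortens Azure Key Vault to AKV after first use, so "the following ARM template requirements" would be consistent here. As on line 99, "throughout CGV resource lifecycle" is missing "the".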
@@ -146,17 +146,17 @@ This example shows how to define a parameter `secretPassword` contained within t
146
146
}
147
147
"variables": {
148
148
"configurationValue": {
149
-
"secretValues": {
149
+
"secretVal": {
150
150
"elastic_passwd": "secretPassword"
151
151
}
152
152
}
153
153
}
154
154
```
155
155
156
-
* Use a template reference to Azure Key Vault (AKV) in place of the plain-text secret.
156
+
* Use a template reference to AKV in place of the plain-text secret.
157
157
* Before the CGV is deployed, this configuration obscures the display of the secrets as template variables.
158
158
159
-
This example shows how to hydrate the secret `secretPassword` using Azure Key Vault secret and key.
159
+
This example shows how to hydrate the secret `secretPassword` using AKV secret and key.
160
160
161
161
```json
162
162
"secretPassword": {
@@ -186,11 +186,11 @@ This example shows how to pass all secrets in the object `secretVal.configuratio
186
186
]
187
187
```
188
188
189
-
## NF with secrets
189
+
## networkFunction with secrets
190
190
191
-
Consider the following Azure Resource Manager (ARM) template requirements when creating a network function to properly obscure secret values throughout network function resource lifecycle.
191
+
Consider the following Azure Resource Manager (ARM) template requirements to properly obscure secret values throughout network function (NF) resource lifecycle.
192
192
193
-
* Use `"type": "secureObject"` in the template for type of the `secretValues` and `config` parameter
193
+
* Use `"type": "secureObject"` in the template for the `secretValues` and `config` parameter
194
194
* This configuration obscures the display of the secrets as template parameters.
195
195
196
196
```json
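Review bot: The new heading on line 189, `## networkFunction with secrets`, uses a camelCase identifier where the sibling headings use abbreviations ("CGS without secrets", "CGV with secrets with AKV"), and line 191 then introduces "(NF)" as an abbreviation the heading no longer uses; either keep "NF with secrets" or write "Network function with secrets". On line 193, "the `secretValues` and `config` parameter" should read "parameters", and the bullet is missing its closing period. Line 191 also omits the article in "throughout network function (NF) resource lifecycle".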
@@ -215,7 +215,7 @@ Consider the following Azure Resource Manager (ARM) template requirements when c
215
215
> * Don't hydrate `secretCgvContent` using the bicep loadJsonContent() function as it forces the use of insecure variables.
216
216
217
217
* Under networkFunctions resource properties, use `configurationType: 'Secret'` and `"secretDeploymentValues": "[string(parameters('config'))]"`.
218
-
* Once a network function is deployed, this configuration prevents displayed the secret data via most Azure user interfaces.
218
+
* Once a network function is deployed, this configuration prevents displaying the secret data via most Azure user interfaces.
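Review bot: The note at line 215, directly above the corrected bullet, warns against hydrating `secretCgvContent`, but the parameters in this section are `secretValues` and `config` (lines 193 and 217); the name looks carried over from the CGV section and should be replaced with the network function parameter it is meant to protect. In the same note "bicep" should be capitalized, and line 217 mixes Bicep-style `configurationType: 'Secret'` with JSON-style `"secretDeploymentValues"` in one bullet.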