articles/operator-service-manager/configuration-guide.md
Lines changed: 7 additions & 7 deletions
@@ -47,6 +47,9 @@ We now recommend that you use at least three CGS/CGV sets, organizing parameters
47
47
* Uses CGS/CGV with secrets.
48
48
* Store values in Azure Key Vault to obscure during deployments.
49
49
50
+
> [!NOTE]
51
+
> * Consider restricting access to the role based access control (RBAC) scope `Microsoft.Resources/deployments/exportTemplate/action` to only admin roles.
52
+
50
53
## CGS without secrets
51
54
52
55
This example shows a CGS exposing `abc`, `xyz`, and `qwe` parameters. Two of the parameters have default values and one is marked required.
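Review bot: In the added note (new line 51), `Microsoft.Resources/deployments/exportTemplate/action` is an RBAC action (a permission), not a scope; in Azure RBAC the scope is where a role assignment applies. Suggest wording such as "Consider restricting the `Microsoft.Resources/deployments/exportTemplate/action` permission to admin roles only", with "role-based" hyphenated. The note holds a single bullet, so the `*` can be dropped, and one clause stating why template export matters for the secret values this guide is obscuring would make the recommendation actionable.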
@@ -91,10 +94,8 @@ This example shows the rendered CGV resource created after the CGV deployment co
91
94
}
92
95
```
93
96
94
-
## CGS with secrets
95
-
Other than separating secrets into a unique CGS, no special requirements exist for CGS secret support.
96
-
97
97
## CGV with secrets without AKV
98
+
98
99
Where AKV isn't being used, consider the following CGV Azure Resource Manager (ARM) template requirements to properly obscure secret values throughout CGV resource lifecycle.
99
100
100
101
* To contain all secrets, define an object parameter with `"type": "secureObject"` .
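Review bot: Deleting `## CGS with secrets` (old lines 94-96) removes the heading anchor and the only sentence stating that a secrets CGS needs no special handling beyond being separated, while the recommendations list earlier in the file still tells readers to use CGS/CGV with secrets. Check for inbound links to that heading, and consider keeping the sentence as a lead-in under `## CGV with secrets without AKV` so the CGS side is not left undocumented.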
@@ -129,12 +130,13 @@ This example shows how to pass all secrets in the object `secretCgvContent` to t
129
130
```
130
131
131
132
## CGV with secrets with AKV
133
+
132
134
Where AKV is being used, consider the following CGV Azure Resource Manager (ARM) template requirements to properly obscure secret values throughout CGV resource lifecycle.
133
135
134
136
* Define a string `parameter` for each secret and one object `variable` to collect all secret values.
135
137
* The object variable contains only a reference to the parameter string and exposes no secrets.
136
138
137
-
This example shows how to define a paremter`secretPassword` contained within the object variable `secretVal.configurationValue`.
139
+
This example shows how to define a parameter`secretPassword` contained within the object variable `secretVal.configurationValue`.
138
140
139
141
```json
140
142
"parameters": {
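Review bot: The typo fix on new line 139 still leaves no space between the word and the code span: "parameter`secretPassword`" should read "parameter `secretPassword`". Worth correcting in this same change since the line is already being touched.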
@@ -185,6 +187,7 @@ This example shows how to pass all secrets in the object `secretVal.configuratio
185
187
```
186
188
187
189
## NF with secrets
190
+
188
191
Consider the following Azure Resource Manager (ARM) template requirements when creating a network function to properly obscure secret values throughout network function resource lifecycle.
189
192
190
193
* Use `"type": "secureObject"` in the template for type of the `secretValues` and `config` parameter
@@ -224,9 +227,6 @@ Consider the following Azure Resource Manager (ARM) template requirements when c
224
227
]
225
228
```
226
229
227
-
> [!NOTE]
228
-
> * Consider restricting access to the role based access control (RBAC) scope `Microsoft.Resources/deployments/exportTemplate/action` to only admin roles.
229
-
230
230
## Overview of JSON Schema
231
231
232
232
JSON Schema is an Internet Engineering Task Force (IETF) standard that provides a format for what JSON data is required for an application and how to interact with it. Applying such standards for a JSON document helps you enforce consistency and data validity across JSON data.
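Review bot: Removing the note here (old lines 227-229) and re-adding it under the recommendations list near new line 50 changes what it appears to cover: it used to close the `## NF with secrets` section and now reads as part of the CGS/CGV recommendations. If the `exportTemplate` restriction applies to network function deployments as well, say so in the relocated note or keep a short pointer to it in this section.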