Skip to content

Commit cd7a9d8

Browse files
msftadammsftadam
authored
Fix typos and enhance configuration guide content
Correct typos and improve clarity in the configuration guide, including updates on secrets handling and JSON schema overview.
1 parent 4dd42d4 commit cd7a9d8

1 file changed

Lines changed: 24 additions & 1 deletion

File tree

articles/operator-service-manager/configuration-guide.md

Lines changed: 24 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -12,7 +12,7 @@ ms.service: azure-operator-service-manager
1212

1313
This article provides Azure Operator Service Manager guidelines to optimize the design of configuration group schemas (CGSs) and the operation of configuration group values (CGVs). Network function (NF) vendors, telco operators, and their partners should keep these practices in mind when onboarding and deploying NFs.
1414

15-
## Configuring group resource approach
15+
## Configurarion group approach
1616

1717
Consider the following meta-schema guidelines when you're designing configuration resources:
1818

@@ -91,6 +91,29 @@ This example shows the resulting CGV resource that Azure Operator Service Manage
9191
}
9292
```
9393

94+
## CGS with secrets
95+
Other then seperating secrets into a unique CGS, no special CGS requirements exist for secret support.
96+
97+
## CGV with secrets
98+
Considering the following configuration reqiurements to properly obscure secret values:
99+
* Use `configurationType: 'Secret'` in the resource properties.
100+
* Once a CGV is deployed, this prevents the display of the resource in most Azure methods.
101+
* Use a reference to Azure Key Vault (AKV) in place of the plain-text secret.
102+
* This obscures the display of the secret in the CGV deployment template.
103+
104+
The following example shows how to include an AKF reference in an ARM template:
105+
```json
106+
"password": {
107+
"reference": {
108+
"keyVault": {
109+
"id": "/subscriptions/xxx/resourceGroups/yyy/providers/Microsoft.KeyVault/vaults/zz"
110+
},
111+
"secretName": "passwd"
112+
}
113+
```
114+
115+
To further secure resources restrict access to the following RBAC scope: `Microsoft.Resources/deployments/exportTemplate/action`
116+
94117
## Overview of JSON Schema
95118

96119
JSON Schema is an Internet Engineering Task Force (IETF) standard that provides a format for what JSON data is required for an application and how to interact with it. Applying such standards for a JSON document helps you enforce consistency and data validity across JSON data.

0 commit comments

Comments
 (0)