Clarify AKV secret handling and configuration instructions

msftadam · web-flow · commit fc285ba475cd · 2026-03-16T22:51:16.000-04:00
Updated instructions to clarify the use of AKV and secret definitions.
diff --git a/articles/operator-service-manager/configuration-guide.md b/articles/operator-service-manager/configuration-guide.md
@@ -114,6 +114,7 @@ This example shows how to define an object parameter `secretCgvContent`.
 
 > [!NOTE]
 > * Don't hydrate `secretCgvContent` using the bicep loadJsonContent() function.
+> * Don't include a `SecureObject` parameter in a variable definition. 
 
 * Under CGV resource properties, use `configurationType: 'Secret'` and `"secretConfigurationValue": "[string(parameters('secretCgvContent'))]"`.
   * This configuration prevents displaying the secret data via most Azure user interfaces.
@@ -154,10 +155,10 @@ This example shows how to define a parameter `secretPassword1` contained within
 }
 ```
 
-* Use a template reference to AKV in place of the plain-text secret.
+* For parameter input, Use a template reference to AKV in place of the plain-text secret.
   * This configuration obscures the display of the secrets as template variables.
 
-This example shows how to hydrate the secret `secretPassword1` using AKV secret and key.
+This example shows how to define the secret `secretPassword1` using AKV secret and key.
 
 ```json
   "secretPassword1": {
@@ -214,6 +215,7 @@ Consider the following ARM template requirements to properly obscure secret valu
 
 > [!NOTE]
 > * Don't hydrate `secretValues` using the bicep loadJsonContent() function.
+> * Don't include a `SecureObject` parameter in a variable definition. 
 
 * Under networkFunctions resource properties, use `configurationType: 'Secret'` and `"secretDeploymentValues": "[string(parameters('config'))]"`.
   * Once a network function is deployed, this configuration prevents displaying the secret data via most Azure user interfaces. 
