
Make appSettings a secure object by default #2575

Merged
merged 1 commit into from
Aug 1, 2023


weikanglim
Contributor

@weikanglim weikanglim commented Jul 28, 2023

This allows users to set secret values as app settings for appservice, function host services. App Service handles secrets in app settings by default, so there isn't any additional configuration there.

Fixes https://github.com/Azure/azure-dev-pr/issues/1563

@azure-sdk
Collaborator

Repoman Generation Results

Repoman pushed changes to remotes for the following projects:

Project: todo-csharp-cosmos-sql

Remote: azure-samples-staging

Branch: pr/2575

You can initialize this project with:

azd init -t Azure-Samples/todo-csharp-cosmos-sql -b pr/2575

View Changes | Compare Changes


Project: todo-csharp-sql-swa-func

Remote: azure-samples-staging

Branch: pr/2575

You can initialize this project with:

azd init -t Azure-Samples/todo-csharp-sql-swa-func -b pr/2575

View Changes | Compare Changes


Project: todo-csharp-sql

Remote: azure-samples-staging

Branch: pr/2575

You can initialize this project with:

azd init -t Azure-Samples/todo-csharp-sql -b pr/2575

View Changes | Compare Changes


Project: todo-java-mongo-aca

Remote: azure-samples-staging

Branch: pr/2575

You can initialize this project with:

azd init -t Azure-Samples/todo-java-mongo-aca -b pr/2575

View Changes | Compare Changes


Project: todo-java-mongo

Remote: azure-samples-staging

Branch: pr/2575

You can initialize this project with:

azd init -t Azure-Samples/todo-java-mongo -b pr/2575

View Changes | Compare Changes


Project: todo-nodejs-mongo-aca

Remote: azure-samples-staging

Branch: pr/2575

You can initialize this project with:

azd init -t Azure-Samples/todo-nodejs-mongo-aca -b pr/2575

View Changes | Compare Changes


Project: todo-nodejs-mongo-aks

Remote: azure-samples-staging

Branch: pr/2575

You can initialize this project with:

azd init -t Azure-Samples/todo-nodejs-mongo-aks -b pr/2575

View Changes | Compare Changes


Project: todo-nodejs-mongo-swa-func

Remote: azure-samples-staging

Branch: pr/2575

You can initialize this project with:

azd init -t Azure-Samples/todo-nodejs-mongo-swa-func -b pr/2575

View Changes | Compare Changes


Project: todo-nodejs-mongo

Remote: azure-samples-staging

Branch: pr/2575

You can initialize this project with:

azd init -t Azure-Samples/todo-nodejs-mongo -b pr/2575

View Changes | Compare Changes


Project: todo-python-mongo-aca

Remote: azure-samples-staging

Branch: pr/2575

You can initialize this project with:

azd init -t Azure-Samples/todo-python-mongo-aca -b pr/2575

View Changes | Compare Changes


Project: todo-python-mongo-swa-func

Remote: azure-samples-staging

Branch: pr/2575

You can initialize this project with:

azd init -t Azure-Samples/todo-python-mongo-swa-func -b pr/2575

View Changes | Compare Changes


Project: todo-python-mongo

Remote: azure-samples-staging

Branch: pr/2575

You can initialize this project with:

azd init -t Azure-Samples/todo-python-mongo -b pr/2575

View Changes | Compare Changes


@wbreza
Contributor

wbreza commented Jul 28, 2023

This allows users to set secret values as app settings for appservice, function host services. App Service handles secrets in app settings by default, so there isn't any additional configuration there.

Is there a user reported issue that this resolves? If so, please add a link/reference.

@weikanglim
Contributor Author

@wbreza Linked.

@wbreza
Contributor

wbreza commented Jul 31, 2023

@wbreza Linked.

@weikanglim After reviewing the linked issue, it's unclear whether this would work around the issue since we're still using a param object vs a single string as suggested.

We may want to look into using a Key Vault reference from the App Service app setting.
https://learn.microsoft.com/en-us/azure/app-service/app-service-key-vault-references?tabs=azure-cli#source-app-settings-from-key-vault

@weikanglim
Contributor Author

@wbreza Marking an object as secure works the same way as a string (docs). This makes sense as the input is passed as a JSON string between ARM deployments.

Here are two deployment instances to take note of:

  • Before - az deployment group show -n func-api-x6dmhh6f7fyru-functions -g rg-weilim-insecure-1
  • After - az deployment group show -n func-api-m4chjvfmvhyyu-functions -g rg-weilim-secure-1
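
An added example, not part of the thread or the project's code: a check over saved `az deployment group show` output that reports whether an `appSettings` parameter is readable in the deployment record, which is the difference the Before and After deployments above are meant to show. ARM does not record values of `secureString`/`secureObject` parameters in deployment history; the JSON below is constructed, and its names and values are assumptions.

```python
import json

# Constructed samples shaped like `az deployment group show` output.
# Deployment names, parameter names and values are invented for illustration.
BEFORE = json.loads("""
{"name": "example-before", "properties": {"parameters": {
  "name": {"type": "String", "value": "func-api-example"},
  "appSettings": {"type": "Object",
                  "value": {"DB_PASSWORD": "constructed-secret", "LOG_LEVEL": "info"}}
}}}
""")
AFTER = json.loads("""
{"name": "example-after", "properties": {"parameters": {
  "name": {"type": "String", "value": "func-api-example"},
  "appSettings": {"type": "SecureObject"}
}}}
""")

SECURE_TYPES = {"securestring", "secureobject"}


def exposed_parameters(deployment, watch=("appsettings",)):
    """Names of watched parameters whose values are readable in the
    deployment record, i.e. not declared secureString/secureObject."""
    params = (deployment.get("properties") or {}).get("parameters") or {}
    exposed = []
    for name, entry in params.items():
        if name.lower() not in watch:
            continue
        ptype = str(entry.get("type", "")).lower()
        # A secure parameter carries a type but no value in the record.
        if ptype not in SECURE_TYPES and entry.get("value") is not None:
            exposed.append(name)
    return sorted(exposed)


def leaked_keys(deployment, param="appSettings"):
    """Setting names (never the values) recorded for an object parameter."""
    params = (deployment.get("properties") or {}).get("parameters") or {}
    value = (params.get(param) or {}).get("value")
    return sorted(value) if isinstance(value, dict) else []


if __name__ == "__main__":
    for dep in (BEFORE, AFTER):
        print(dep["name"], exposed_parameters(dep), leaked_keys(dep))
```
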

@weikanglim weikanglim merged commit 4a0fd5f into Azure:main Aug 1, 2023
19 checks passed