ConnectionString as output param is secure?

[patelriki13]

I read your article. https://johnnyreilly.com/output-connection-strings-and-keys-from-azure-bicep and its good but I have question if am passing ConnectionString as output param is secure way?

I found two way to do it. I just adding details just for your reference, you may be already known.

option 1:

listKeys(resourceId('Microsoft.EventHub/namespaces/authorizationRules', eventHubNamespace, eventHubListenPolicy), '2021-11-01').primaryConnectionString

option 2:

resource rule 'Microsoft.EventHub/namespaces/eventhubs/authorizationRules@2022-01-01-preview' existing = {
  name: '${eventHubNS}/${eventHubName}/${eventHubSendPolicyName}'
}

rule.listkeys().primaryConnectionString

If not secure, then can you please update your blog?

Ref:
azure-quickstart-templates
azure-quickstart-templates

[johnnyreilly]

Yup I agree it's less secure - see the second paragraph:

Please note that exporting keys / connection strings etc from Bicep / ARM templates is generally considered to be a less secure approach. This is because these values will be visible inside the deployments section of the Azure Portal. Anyone who has access to this will be able to see them. An alternative approach would be permissioning our pipeline to access the resources directly.