Linter rule - adminPassword should be assigned a secure value.
This rule finds the value of the property path properties.osProfile.adminPassword
for resources of type Microsoft.Compute/virtualMachines
or Microsoft.Compute/virtualMachineScaleSets
that doesn't have a secure value.
Linter rule code
Use the following value in the Bicep configuration file to customize rule settings:
use-secure-value-for-secure-inputs
Solution
Assign a secure value to the property with the property path properties.osProfile.adminPassword
for resources of type Microsoft.Compute/virtualMachines
or Microsoft.Compute/virtualMachineScaleSets
. Don't use a literal value. Instead, create a parameter with the @secure()
decorator for the password and assign it to adminPassword
.
The following examples fail this test because the adminPassword
is not a secure value.
resource ubuntuVM 'Microsoft.Compute/virtualMachineScaleSets@2024-03-01' = {
name: 'name'
location: 'China North 2'
properties: {
virtualMachineProfile: {
osProfile: {
adminUsername: 'adminUsername'
adminPassword: 'adminPassword'
}
}
}
}
resource ubuntuVM 'Microsoft.Compute/virtualMachines@2024-03-01' = {
name: 'name'
location: 'China North 2'
properties: {
osProfile: {
computerName: 'computerName'
adminUsername: 'adminUsername'
adminPassword: 'adminPassword'
}
}
}
param adminPassword string
resource ubuntuVM 'Microsoft.Compute/virtualMachines@2024-03-01' = {
name: 'name'
location: 'China North 2'
properties: {
osProfile: {
computerName: 'computerName'
adminUsername: 'adminUsername'
adminPassword: adminPassword
}
}
}
The following example passes this test.
@secure()
param adminPassword string
@secure()
param adminUsername string
param location string = resourceGroup().location
resource ubuntuVM 'Microsoft.Compute/virtualMachines@2024-03-01' = {
name: 'name'
location: location
properties: {
osProfile: {
computerName: 'computerName'
adminUsername: adminUsername
adminPassword: adminPassword
}
}
}
Next steps
For more information about the linter, see Use Bicep linter.