Add connection string output to Event Hub namespace module #3906
Fixes Azure#3638

Add output for Event Hub namespace connection string

* Add output for connection string using `listKeys` function in `avm/res/event-hub/namespace/main.bicep`
* Update `outputs` section in `avm/res/event-hub/namespace/main.bicep` to include connection string
* Document new output for connection string in `avm/res/event-hub/namespace/README.md`

---

For more details, open the [Copilot Workspace session](https://copilot-workspace.githubnext.com/Azure/bicep-registry-modules/issues/3638?shareId=XXXX-XXXX-XXXX-XXXX).
Important: The "Needs: Triage 🔍" label must be removed once the triage process is complete!

Tip: For additional guidance on how to triage this issue/PR, see the BRM Issue Triage documentation.

Important: If this is a module-related PR, being submitted by the sole owner of the module, the AVM core team must review and approve it (as module owners can't approve their own PRs). To indicate this PR needs the core team's attention, apply the "Needs: Core Team 🧞" label! The core team will only review and approve PRs that have this label applied!
Hi @dciborow, the Event Hub connection string is sensitive information; publishing it as an output is not a best practice. We should instead add to the module the possibility to create a Key Vault, when required, and store the connection string there as a secret. Something similar has already been done for the storage account: https://github.com/Azure/bicep-registry-modules/tree/main/avm/res/storage/storage-account#Outputs
Printing the connection string as an output is not a security best practice; the suggested way is to leverage a Key Vault, as already done for the storage account module: https://github.com/Azure/bicep-registry-modules/tree/main/avm/res/storage/storage-account#parameter-secretsexportconfiguration
We can do it like Cosmos did: https://github.com/azure-javaee/azure-dev/blob/d1c179a8392341802d0ef686354877b49eb80d24/cli/azd/resources/scaffold/templates/resources.bicept#L104
It's stored in Key Vault, and the key vault id is provided by customer.
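
The approach the reviewers describe, writing the connection string to a caller-supplied Key Vault instead of returning it as a deployment output, shown as an added example. It is not code from this PR or from the AVM module; the parameter names, the default secret name and the API versions are assumptions.

```bicep
// Added example, not the module's code. Parameter names are hypothetical.
@description('Name of an existing Event Hub namespace (assumed parameter).')
param namespaceName string

@description('Name of an existing Key Vault provided by the caller (assumed parameter).')
param keyVaultName string

@description('Name of the secret that will hold the connection string (assumed parameter).')
param secretName string = 'eventhub-connection-string'

resource namespace 'Microsoft.EventHub/namespaces@2024-01-01' existing = {
  name: namespaceName
}

// RootManageSharedAccessKey is the default authorization rule of a namespace.
resource authRule 'Microsoft.EventHub/namespaces/authorizationRules@2024-01-01' existing = {
  parent: namespace
  name: 'RootManageSharedAccessKey'
}

resource keyVault 'Microsoft.KeyVault/vaults@2023-07-01' existing = {
  name: keyVaultName
}

// Pattern the reviewers object to: output values are kept in the deployment
// history and are readable by anyone who can read the deployment.
// The Bicep linter rule "outputs-should-not-contain-secrets" flags it.
//
// output connectionString string = authRule.listKeys().primaryConnectionString

// Suggested pattern: the secret value goes straight into Key Vault and never
// appears in the deployment outputs.
resource connectionStringSecret 'Microsoft.KeyVault/vaults/secrets@2023-07-01' = {
  parent: keyVault
  name: secretName
  properties: {
    value: authRule.listKeys().primaryConnectionString
  }
}

// Only non-sensitive references are returned to the caller.
output secretResourceId string = connectionStringSecret.id
output secretUri string = connectionStringSecret.properties.secretUri
```

Consumers then read the secret from Key Vault under their own access policy or RBAC assignment, so access to the connection string is governed by the vault and not by read access to the deployment.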