Skip to content

[AVM Module Issue]: #6504

New issue
New issue
Open
Open
[AVM Module Issue]:#6504
Assignees
pankajagrawal16tsc-buddy
Labels
Class: Resource Module 📦This is a resource moduleNeeds: Triage 🔍Maintainers need to triage stillType: AVM 🅰️ ✌️ Ⓜ️This is an AVM related issueType: Security Bug 🔒This is a security bug
@RT235

Description

@RT235
RT235
opened on Jan 14, 2026

Check for previous/existing GitHub issues

  • I have checked for previous/existing GitHub issues

Issue Type?

Security Bug

Module Name

avm/res/web/site

(Optional) Module Version

No response

Description

avm/res/web/site/config/main.bicep

var azureWebJobsValues
...
? {
AzureWebJobsStorage: 'DefaultEndpointsProtocol=https;AccountName=${storageAccount.name};AccountKey=${storageAccount!.listKeys().keys[0].value};EndpointSuffix=${environment().suffixes.storage}'
}
...

The Storage Account Key is submitted to ARM in clear text and triggers the Defender for Cloud recommendation: Azure Resource Manager deployments should have secrets findings resolved.

Are there any plans to pass this securely, without me having to make modifications to this file and parent files?

(Optional) Correlation Id

No response

Metadata

Metadata

Assignees

Labels

Class: Resource Module 📦This is a resource moduleNeeds: Triage 🔍Maintainers need to triage stillType: AVM 🅰️ ✌️ Ⓜ️This is an AVM related issueType: Security Bug 🔒This is a security bug

Type

No type

Projects

AVM - Module Issues

Status

Needs: Triage

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions