You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
If you have a template parameter with a secure string type and you accidentally pass a plain string, on the command line, that string is prnted in the error text. Since you know it's a secure string, it shoud not be printed in the error
Example 1:
PS C:\>ConvertFrom-SecureString"p@assw0rd"ConvertFrom-SecureString: Cannot bind parameter 'SecureString'. Cannot convert the "p@assw0rd" value of type "System.String" to type "System.Security.SecureString"
Example 2:
PS>New-AzResourceGroupDeployment-ResourceGroupName MyRG -Name MyDeployment -TemplateParameterFile .\mytemplate.parameters.json -TemplateFile .\mytemplate.json -domainPassword $PlainString-Whatif
# Template file contains parameter: # "domainPassword": {# "type": "securestring"# }New-AzResourceGroupDeployment: Cannot bind parameter 'domainPassword'. Cannot convert the "p@assw0rd" value of type "System.String" to type "System.Security.SecureString".
# the value of "p@ssw0rd" should not be revealed.
Name Value
---------
PSVersion 7.3.3
PSEdition Core
GitCommitId 7.3.3
OS Microsoft Windows 10.0.19045
Platform Win32NT
PSCompatibleVersions {1.0,2.0,3.0,4.0…}
PSRemotingProtocolVersion 2.3
SerializationVersion 1.1.0.1
WSManStackVersion 3.0
Prerequisites
Steps to reproduce
If you have a template parameter with a secure string type and you accidentally pass a plain string, on the command line, that string is prnted in the error text. Since you know it's a secure string, it shoud not be printed in the error
Example 1:
Example 2:
Originally reported by @dbaileyut in Azure/azure-powershell#21250
Expected behavior
the value of "p@ssw0rd" should not be revealed.Actual behavior
the value of "p@ssw0rd" was leaked to console.Error details
No response
Environment data
Visuals
No response