chore: wrapped appsettings object with secure() decorator

infra/app/apim-api.bicep

@@ -25,7 +25,7 @@ param apiBackendUrl string
 
 var apiPolicyContent = replace(loadTextContent('apim-api-policy.xml'), '{origin}', webFrontendUrl)
 
-resource restApi 'Microsoft.ApiManagement/service/apis@2021-12-01-preview' = {
+resource restApi 'Microsoft.ApiManagement/service/apis@2023-05-01-preview' = {
   name: apiName
   parent: apimService
   properties: {
@@ -41,7 +41,7 @@ resource restApi 'Microsoft.ApiManagement/service/apis@2021-12-01-preview' = {
   }
 }
 
-resource apiPolicy 'Microsoft.ApiManagement/service/apis/policies@2021-12-01-preview' = {
+resource apiPolicy 'Microsoft.ApiManagement/service/apis/policies@2023-05-01-preview' = {
   name: 'policy'
   parent: restApi
   properties: {
@@ -50,7 +50,7 @@ resource apiPolicy 'Microsoft.ApiManagement/service/apis/policies@2021-12-01-pre
   }
 }
 
-resource apiDiagnostics 'Microsoft.ApiManagement/service/apis/diagnostics@2021-12-01-preview' = {
+resource apiDiagnostics 'Microsoft.ApiManagement/service/apis/diagnostics@2023-05-01-preview' = {
   name: 'applicationinsights'
   parent: restApi
   properties: {
@@ -91,7 +91,7 @@ resource apiDiagnostics 'Microsoft.ApiManagement/service/apis/diagnostics@2021-1
   }
 }
 
-resource apimProduct 'Microsoft.ApiManagement/service/products@2022-08-01' = {
+resource apimProduct 'Microsoft.ApiManagement/service/products@2023-05-01-preview' = {
   name: 'apim-api-product'
   parent: apimService
   properties: {
@@ -104,11 +104,11 @@ resource apimProduct 'Microsoft.ApiManagement/service/products@2022-08-01' = {
   }
 }
 
-resource apimService 'Microsoft.ApiManagement/service@2021-08-01' existing = {
+resource apimService 'Microsoft.ApiManagement/service@2023-05-01-preview' existing = {
   name: name
 }
 
-resource apimLogger 'Microsoft.ApiManagement/service/loggers@2021-12-01-preview' existing = {
+resource apimLogger 'Microsoft.ApiManagement/service/loggers@2023-05-01-preview' existing = {
   name: 'app-insights-logger'
   parent: apimService
 }

infra/app/apim-stripe.bicep

@@ -25,7 +25,7 @@ param apiBackendUrl string
 
 var apiPolicyContent = replace(loadTextContent('apim-api-policy.xml'), '{origin}', webFrontendUrl)
 
-resource restApi 'Microsoft.ApiManagement/service/apis@2021-12-01-preview' = {
+resource restApi 'Microsoft.ApiManagement/service/apis@2023-05-01-preview' = {
   name: apiName
   parent: apimService
   properties: {
@@ -41,7 +41,7 @@ resource restApi 'Microsoft.ApiManagement/service/apis@2021-12-01-preview' = {
   }
 }
 
-resource apiPolicy 'Microsoft.ApiManagement/service/apis/policies@2021-12-01-preview' = {
+resource apiPolicy 'Microsoft.ApiManagement/service/apis/policies@2023-05-01-preview' = {
   name: 'policy'
   parent: restApi
   properties: {
@@ -50,7 +50,7 @@ resource apiPolicy 'Microsoft.ApiManagement/service/apis/policies@2021-12-01-pre
   }
 }
 
-resource apiDiagnostics 'Microsoft.ApiManagement/service/apis/diagnostics@2021-12-01-preview' = {
+resource apiDiagnostics 'Microsoft.ApiManagement/service/apis/diagnostics@2023-05-01-preview' = {
   name: 'applicationinsights'
   parent: restApi
   properties: {
@@ -91,7 +91,7 @@ resource apiDiagnostics 'Microsoft.ApiManagement/service/apis/diagnostics@2021-1
   }
 }
 
-resource apimProduct 'Microsoft.ApiManagement/service/products@2022-08-01' = {
+resource apimProduct 'Microsoft.ApiManagement/service/products@2023-05-01-preview' = {
   name: 'apim-product'
   parent: apimService
   properties: {
@@ -102,11 +102,11 @@ resource apimProduct 'Microsoft.ApiManagement/service/products@2022-08-01' = {
   }
 }
 
-resource apimService 'Microsoft.ApiManagement/service@2021-08-01' existing = {
+resource apimService 'Microsoft.ApiManagement/service@2023-05-01-preview' existing = {
   name: name
 }
 
-resource apimLogger 'Microsoft.ApiManagement/service/loggers@2021-12-01-preview' existing = {
+resource apimLogger 'Microsoft.ApiManagement/service/loggers@2023-05-01-preview' existing = {
   name: 'app-insights-logger'
   parent: apimService
 }

infra/app/blog.bicep

@@ -52,7 +52,7 @@ resource applicationInsights 'Microsoft.Insights/components@2020-02-02' existing
   name: applicationInsightsName
 }
 
-resource keyVault 'Microsoft.KeyVault/vaults@2022-07-01' existing = {
+resource keyVault 'Microsoft.KeyVault/vaults@2023-07-01' existing = {
   name: keyVaultName
 }
 

infra/app/cms.bicep

@@ -140,11 +140,11 @@ resource applicationInsights 'Microsoft.Insights/components@2020-02-02' existing
   name: applicationInsightsName
 }
 
-resource keyVault 'Microsoft.KeyVault/vaults@2022-11-01' existing = {
+resource keyVault 'Microsoft.KeyVault/vaults@2023-07-01' existing = {
   name: keyVaultName
 }
 
-resource storageAccount 'Microsoft.Storage/storageAccounts@2022-09-01' existing = {
+resource storageAccount 'Microsoft.Storage/storageAccounts@2023-01-01' existing = {
   name: storageAccountName
 }
 

infra/app/events.bicep

@@ -16,6 +16,6 @@ module events '../core/pubsub/event-grid.bicep' = {
   }
 }
 
-resource storageAccount 'Microsoft.Storage/storageAccounts@2022-09-01' existing = {
+resource storageAccount 'Microsoft.Storage/storageAccounts@2023-01-01' existing = {
   name: storageAccountName
 }

infra/app/notifications-backend.bicep

@@ -56,11 +56,11 @@ resource applicationInsights 'Microsoft.Insights/components@2020-02-02' existing
   name: applicationInsightsName
 }
 
-resource awps 'Microsoft.SignalRService/webPubSub@2023-02-01' existing = {
+resource awps 'Microsoft.SignalRService/webPubSub@2023-08-01-preview' existing = {
   name: notificationsServiceName
 }
 
-resource keyVault 'Microsoft.KeyVault/vaults@2022-07-01' existing = {
+resource keyVault 'Microsoft.KeyVault/vaults@2023-07-01' existing = {
   name: keyVaultName
 }
 

infra/app/portal-backend.bicep

@@ -5,7 +5,7 @@ param useAPIM bool
 param portalName string
 param apiServiceName string
 
-resource portalApimProperties 'Microsoft.Web/staticSites/linkedBackends@2022-03-01' = {
+resource portalApimProperties 'Microsoft.Web/staticSites/linkedBackends@2022-09-01' = {
   parent: portal
   name: name
 
@@ -20,11 +20,11 @@ resource portalApimProperties 'Microsoft.Web/staticSites/linkedBackends@2022-03-
   }
 }
 
-resource portal 'Microsoft.Web/staticSites@2022-03-01' existing = {
+resource portal 'Microsoft.Web/staticSites@2022-09-01' existing = {
   name: portalName
 }
 
-resource apimService 'Microsoft.ApiManagement/service@2021-08-01' existing = {
+resource apimService 'Microsoft.ApiManagement/service@2023-05-01-preview' existing = {
   name: name
 }
 

infra/core/database/cosmos/cosmos-account.bicep

@@ -8,7 +8,7 @@ param keyVaultName string
 @allowed([ 'GlobalDocumentDB', 'MongoDB', 'Parse' ])
 param kind string
 
-resource cosmos 'Microsoft.DocumentDB/databaseAccounts@2022-08-15' = {
+resource cosmos 'Microsoft.DocumentDB/databaseAccounts@2024-05-15' = {
   name: name
   kind: kind
   location: location
@@ -30,15 +30,15 @@ resource cosmos 'Microsoft.DocumentDB/databaseAccounts@2022-08-15' = {
   }
 }
 
-resource cosmosConnectionString 'Microsoft.KeyVault/vaults/secrets@2022-07-01' = {
+resource cosmosConnectionString 'Microsoft.KeyVault/vaults/secrets@2023-07-01' = {
   parent: keyVault
   name: connectionStringKey
   properties: {
     value: connectionString
   }
 }
 
-resource keyVault 'Microsoft.KeyVault/vaults@2022-07-01' existing = {
+resource keyVault 'Microsoft.KeyVault/vaults@2023-07-01' existing = {
   name: keyVaultName
 }
 

infra/core/database/cosmos/mongo/cosmos-mongo-db.bicep

@@ -18,7 +18,7 @@ module cosmos 'cosmos-mongo-account.bicep' = {
   }
 }
 
-resource database 'Microsoft.DocumentDB/databaseAccounts/mongodbDatabases@2022-08-15' = {
+resource database 'Microsoft.DocumentDB/databaseAccounts/mongodbDatabases@2024-05-15' = {
   name: '${accountName}/${databaseName}'
   tags: tags
   properties: {

infra/core/database/cosmos/sql/cosmos-sql-account.bicep

@@ -12,6 +12,7 @@ module cosmos '../../cosmos/cosmos-account.bicep' = {
     tags: tags
     keyVaultName: keyVaultName
     kind: 'GlobalDocumentDB'
+    connectionStringKey: ''
   }
 }
 

infra/core/database/cosmos/sql/cosmos-sql-db.bicep

@@ -17,7 +17,7 @@ module cosmos 'cosmos-sql-account.bicep' = {
   }
 }
 
-resource database 'Microsoft.DocumentDB/databaseAccounts/sqlDatabases@2022-05-15' = {
+resource database 'Microsoft.DocumentDB/databaseAccounts/sqlDatabases@2024-05-15' = {
   name: '${accountName}/${databaseName}'
   properties: {
     resource: { id: databaseName }

infra/core/database/cosmos/sql/cosmos-sql-role-assign.bicep

@@ -3,7 +3,7 @@ param accountName string
 param roleDefinitionId string
 param principalId string = ''
 
-resource role 'Microsoft.DocumentDB/databaseAccounts/sqlRoleAssignments@2022-05-15' = {
+resource role 'Microsoft.DocumentDB/databaseAccounts/sqlRoleAssignments@2024-05-15' = {
   parent: cosmos
   name: guid(roleDefinitionId, principalId, cosmos.id)
   properties: {
@@ -13,6 +13,6 @@ resource role 'Microsoft.DocumentDB/databaseAccounts/sqlRoleAssignments@2022-05-
   }
 }
 
-resource cosmos 'Microsoft.DocumentDB/databaseAccounts@2022-08-15' existing = {
+resource cosmos 'Microsoft.DocumentDB/databaseAccounts@2024-05-15' existing = {
   name: accountName
 }

infra/core/database/cosmos/sql/cosmos-sql-role-def.bicep

@@ -1,6 +1,6 @@
 param accountName string
 
-resource roleDefinition 'Microsoft.DocumentDB/databaseAccounts/sqlRoleDefinitions@2022-08-15' = {
+resource roleDefinition 'Microsoft.DocumentDB/databaseAccounts/sqlRoleDefinitions@2024-05-15' = {
   parent: cosmos
   name: guid(cosmos.id, accountName, 'sql-role')
   properties: {
@@ -22,7 +22,7 @@ resource roleDefinition 'Microsoft.DocumentDB/databaseAccounts/sqlRoleDefinition
   }
 }
 
-resource cosmos 'Microsoft.DocumentDB/databaseAccounts@2022-08-15' existing = {
+resource cosmos 'Microsoft.DocumentDB/databaseAccounts@2024-05-15' existing = {
   name: accountName
 }
 

infra/core/database/postgresql/flexibleserver.bicep

@@ -18,7 +18,7 @@ param keyVaultName string
 param version string
 
 // Latest official version 2022-12-01 does not have Bicep types available
-resource postgresServer 'Microsoft.DBforPostgreSQL/flexibleServers@2022-12-01' = {
+resource postgresServer 'Microsoft.DBforPostgreSQL/flexibleServers@2023-03-01-preview' = {
   location: location
   tags: tags
   name: name
@@ -63,15 +63,15 @@ resource postgresServer 'Microsoft.DBforPostgreSQL/flexibleServers@2022-12-01' =
 
 }
 
-resource postgresPassword 'Microsoft.KeyVault/vaults/secrets@2022-07-01' = {
+resource postgresPassword 'Microsoft.KeyVault/vaults/secrets@2023-07-01' = {
   parent: keyVault
   name: administratorLoginPasswordKey
   properties: {
     value: administratorLoginPassword
   }
 }
 
-resource keyVault 'Microsoft.KeyVault/vaults@2022-07-01' existing = {
+resource keyVault 'Microsoft.KeyVault/vaults@2023-07-01' existing = {
   name: keyVaultName
 }
 

infra/core/database/sqlserver/sqlserver.bicep

@@ -13,7 +13,7 @@ param sqlAdminPassword string
 @secure()
 param appUserPassword string
 
-resource sqlServer 'Microsoft.Sql/servers@2022-05-01-preview' = {
+resource sqlServer 'Microsoft.Sql/servers@2023-05-01-preview' = {
   name: name
   location: location
   tags: tags
@@ -42,7 +42,7 @@ resource sqlServer 'Microsoft.Sql/servers@2022-05-01-preview' = {
   }
 }
 
-resource sqlDeploymentScript 'Microsoft.Resources/deploymentScripts@2020-10-01' = {
+resource sqlDeploymentScript 'Microsoft.Resources/deploymentScripts@2023-08-01' = {
   name: '${name}-deployment-script'
   location: location
   kind: 'AzureCLI'
@@ -96,31 +96,31 @@ SCRIPT_END
   }
 }
 
-resource sqlAdminPasswordSecret 'Microsoft.KeyVault/vaults/secrets@2022-07-01' = {
+resource sqlAdminPasswordSecret 'Microsoft.KeyVault/vaults/secrets@2023-07-01' = {
   parent: keyVault
   name: 'sqlAdminPassword'
   properties: {
     value: sqlAdminPassword
   }
 }
 
-resource appUserPasswordSecret 'Microsoft.KeyVault/vaults/secrets@2022-07-01' = {
+resource appUserPasswordSecret 'Microsoft.KeyVault/vaults/secrets@2023-07-01' = {
   parent: keyVault
   name: 'appUserPassword'
   properties: {
     value: appUserPassword
   }
 }
 
-resource sqlAzureConnectionStringSercret 'Microsoft.KeyVault/vaults/secrets@2022-07-01' = {
+resource sqlAzureConnectionStringSercret 'Microsoft.KeyVault/vaults/secrets@2023-07-01' = {
   parent: keyVault
   name: connectionStringKey
   properties: {
     value: '${connectionString}; Password=${appUserPassword}'
   }
 }
 
-resource keyVault 'Microsoft.KeyVault/vaults@2022-07-01' existing = {
+resource keyVault 'Microsoft.KeyVault/vaults@2023-07-01' existing = {
   name: keyVaultName
 }
 

infra/core/gateway/apim.bicep

@@ -57,7 +57,7 @@ resource apimService 'Microsoft.ApiManagement/service@2021-08-01' = {
   }
 }
 
-resource apimLogger 'Microsoft.ApiManagement/service/loggers@2021-12-01-preview' = if (!empty(applicationInsightsName)) {
+resource apimLogger 'Microsoft.ApiManagement/service/loggers@2023-05-01-preview' = if (!empty(applicationInsightsName)) {
   name: 'app-insights-logger'
   parent: apimService
   properties: {

infra/core/host/aks-agent-pool.bicep

@@ -6,11 +6,11 @@ param name string
 @description('The agent pool configuration')
 param config object
 
-resource aksCluster 'Microsoft.ContainerService/managedClusters@2022-11-02-preview' existing = {
+resource aksCluster 'Microsoft.ContainerService/managedClusters@2024-03-02-preview' existing = {
   name: clusterName
 }
 
-resource nodePool 'Microsoft.ContainerService/managedClusters/agentPools@2022-11-02-preview' = {
+resource nodePool 'Microsoft.ContainerService/managedClusters/agentPools@2024-03-02-preview' = {
   parent: aksCluster
   name: name
   properties: config

infra/core/host/aks.bicep

@@ -89,7 +89,7 @@ var addOnsConfig = union(
 )
 
 // Link to existing log analytics workspace when available
-resource logAnalytics 'Microsoft.OperationalInsights/workspaces@2021-12-01-preview' existing = if (!empty(logAnalyticsName)) {
+resource logAnalytics 'Microsoft.OperationalInsights/workspaces@2022-10-01' existing = if (!empty(logAnalyticsName)) {
   name: logAnalyticsName
 }
 

infra/core/host/appservice.bicep

@@ -23,6 +23,7 @@ param kind string = 'app,linux'
 param allowedOrigins array = []
 param alwaysOn bool = true
 param appCommandLine string = ''
+@secure()
 param appSettings object = {}
 param clientAffinityEnabled bool = false
 param enableOryxBuild bool = contains(kind, 'linux')
@@ -35,7 +36,7 @@ param use32BitWorkerProcess bool = false
 param ftpsState string = 'FtpsOnly'
 param healthCheckPath string = ''
 
-resource appService 'Microsoft.Web/sites@2022-03-01' = {
+resource appService 'Microsoft.Web/sites@2022-09-01' = {
   name: name
   location: location
   tags: tags
@@ -88,7 +89,7 @@ resource appService 'Microsoft.Web/sites@2022-03-01' = {
   }
 }
 
-resource keyVault 'Microsoft.KeyVault/vaults@2022-07-01' existing = if (!(empty(keyVaultName))) {
+resource keyVault 'Microsoft.KeyVault/vaults@2023-07-01' existing = if (!(empty(keyVaultName))) {
   name: keyVaultName
 }