Open
Labels
- Class: Resource Module 📦
- Needs: Triage 🔍
- Type: AVM 🅰️ ✌️ Ⓜ️
- Type: Security Bug 🔒
Description
Check for previous/existing GitHub issues
- I have checked for previous/existing GitHub issues
Issue Type?
Security Bug
Module Name
avm/res/insights/action-group
(Optional) Module Version
No response
Description
The listCallbackURL parameter in LogicAppReceivers is sensitive. It contains an SAS token to trigger the Logic App.
Currently it is being displayed in plain text as an input parameter in the deployment logs.
Attached is some sample Bicep to show how we are able to work around this issue with the regular resource module, but this won't work with the AVM one since the logicAppReceivers param is defined without the secure decorator.
An easy fix would be making the entire logicAppReceivers array secure, but you would lose the other params in the logs.
actionGroupCreateModule.bicep.txt
(Optional) Correlation Id
No response
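An added sketch (not the AVM module's code and not the reporter's attachment) of one way to keep the callback URL out of deployment logs without securing the whole array: the non-sensitive receiver fields stay in a plain array, and the URLs arrive in a separate `@secure()` object keyed by receiver name. The parameter names `actionGroupName`, `groupShortName` and `logicAppCallbackUrls`, and the API version, are assumptions made for this example.

```bicep
// Hypothetical module sketch: receiver metadata stays visible as a normal
// input, while the SAS-bearing callback URLs are passed in a secure parameter.

@description('Name of the action group.')
param actionGroupName string

@description('Short name of the action group.')
@maxLength(12)
param groupShortName string

// Non-sensitive receiver fields only: name, resourceId, useCommonAlertSchema.
// These still show up in the deployment inputs, which is the goal.
param logicAppReceivers array = []

// Map of receiver name -> callback URL (the value carries the SAS token).
// @secure() keeps the whole object out of deployment history and logs.
@secure()
param logicAppCallbackUrls object = {}

resource actionGroup 'Microsoft.Insights/actionGroups@2023-01-01' = {
  name: actionGroupName
  location: 'Global'
  properties: {
    groupShortName: groupShortName
    enabled: true
    // Rebuild each receiver, joining the logged metadata with its secret URL.
    logicAppReceivers: [for receiver in logicAppReceivers: {
      name: receiver.name
      resourceId: receiver.resourceId
      useCommonAlertSchema: contains(receiver, 'useCommonAlertSchema') ? receiver.useCommonAlertSchema : true
      callbackUrl: logicAppCallbackUrls[receiver.name]
    }]
  }
}

// Only non-sensitive values are exposed as outputs; never output the URLs.
output actionGroupId string = actionGroup.id
```

A caller would fill `logicAppCallbackUrls` from a secure source (for example a `listCallbackUrl()` result on the Logic App trigger, or a Key Vault reference) rather than a literal in a parameter file.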