Blueprint w/ARM artifact w/securestring parameter breaks UI
According to this link (below), it is possible to specify an ARM artifact for an Azure Blueprint, within which 1+ parameters reference securestring values from an Azure KeyVault.
Specifically, see the "SecretValueReference" entity schema and it's corresponding relationship to the ARM artifact schema.
However, when defining a Blueprint with such attributes, it causes the blueprint blade to fail for that blueprint. Interestingly, the blades to edit the Blueprint and/or assign the Blueprint still work as expected.
To recreate, create an Azure Blueprint that includes an ARM template artifact. The ARM template artifact should load a securestring from a Key Vault. There should be no corresponding parameter definition in the Blueprint.json, because there appears to be no way to reference the Key Vault from the Blueprint definition itself (according to the schema I linked above). Then, navigate to the Blueprint blade for that instance.
I did also try to specify a "securestring" parameter in the Blueprint definition, and that does work in the portal. However, when assigning the template, the UX is not something I feel comfortable delivering to my client :/.
Alex Suttmiller commented
Thanks. That URL does provide good information, and is a good option for engineers. That is basically how I am developing this particular Blueprint, using PowerShell to import and assign.
My intent here is to report that semantically valid Blueprints with semantically valid Artifacts that include references to Key Vault, break the "view blueprint" blade.
The front end could be tweaked to work more like the "assign blueprint" blade, which still works. Alternatively, the Blueprint schema itself could be extended to support references.
Thuan Soldier commented
This would be a default design. I have found an article that provides a workaround https://azsec.azurewebsites.net/2020/01/07/quick-notes-on-the-use-of-securestring-in-azure-blueprints/. I think managing Azure blueprints as code would be the ideal way.