AZT605.3 - Resource Secret Reveal: Resource Group Deployment History Secret Dump
Accessing the deployment history of a Resource Group may reveal secrets used in the ARM template.
Resource
Resource Group
Actions
- Microsoft.Resources/deployments/read
- Microsoft.Resources/subscriptions/resourceGroups/read
Detections
Detection Details
When a template is used, its parameters are reflected on the 'Input' page of the deployment detail in the Azure portal. Parameter values are shown unless the 'SecureString' type is used. If 'SecureString' is not used, the value is shown in the deployment input details.
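
A pre-deployment check for the condition described above, as an added example that is not part of the original page: it flags ARM template parameters whose names suggest a secret but which are not declared as `securestring` or `secureObject`. The name pattern, the function name `audit_template` and the sample template are assumptions constructed for illustration.

```python
import json
import re

# ARM parameter types whose values are not shown in deployment history.
SECURE_TYPES = {"securestring", "secureobject"}

# Assumption: naming heuristic for parameters that probably carry a secret.
SECRET_NAME = re.compile(
    r"password|passwd|pwd|secret|token|connectionstring|(api|access|account|sas)key|key$",
    re.IGNORECASE,
)

def audit_template(template_text):
    """Return (name, declared_type) for secret-looking parameters with a plain type."""
    template = json.loads(template_text)
    findings = []
    for name, spec in template.get("parameters", {}).items():
        declared = spec.get("type", "") if isinstance(spec, dict) else ""
        if str(declared).lower() in SECURE_TYPES:
            continue  # value is withheld from the deployment's input details
        if SECRET_NAME.search(name):
            findings.append((name, declared))
    return sorted(findings)

# Constructed sample template (not taken from any real deployment).
SAMPLE_TEMPLATE = """
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "adminUsername":     { "type": "string" },
    "adminPassword":     { "type": "string" },
    "sqlPassword":       { "type": "securestring" },
    "storageAccountKey": { "type": "String" },
    "keyVaultName":      { "type": "string" }
  },
  "resources": []
}
"""

if __name__ == "__main__":
    for name, declared in audit_template(SAMPLE_TEMPLATE):
        print(f"{name}: declared as '{declared}', expected 'securestring'")
```

Run against templates in source control or a CI step, the findings list the parameters whose values would appear in the deployment input details.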
Logs
| Data Source | Operation Name | Action | Log Provider |
|---|---|---|---|
| Resource | N/A | N/A | AzureActivity |