secret-prop
@azure-tools/typespec-azure-resource-manager/secret-propWhen defining the model returned in an ARM operation, any property that contains sensitive information (such as passwords, keys, tokens, credentials, or other secrets) must be marked with @secret. This ensures that secrets are properly identified and handled according to ARM security guidelines.
❌ Incorrect
Section titled “❌ Incorrect”model Data { userPassword: string; apiKey: string;}✅ Correct
Section titled “✅ Correct”model Data { @secret userPassword: string;
apiKey: apiKey;}Or create a reusable scalar marked with @secret:
@secretscalar apiKey extends string;Reviewer advice
Section titled “Reviewer advice”Impacts the API: this corresponds to the LintDiff rule XMSSecretInResponse and causes an RPC violation when a secret is exposed in a response. Ask the author to mark the property as type password or use the @secret decorator. Do not accept a suppression unless the property is not an actual secret.