bicep_skill

This skill helps you design secure, modular Azure Bicep templates with parameterization, naming, tagging, and module patterns for scalable IaC.
  • Python

0

GitHub Stars

1

Bundled Files

2 months ago

Catalog Refreshed

4 months ago

First Indexed

Readme & install

Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.

Installation

Preview and clipboard use veilstrat where the catalogue uses aiagentskills.

npx veilstrat add skill yldgio/codereview-skills --skill bicep

  • SKILL.md3.4 KB

Overview

This skill encapsulates Azure Bicep Infrastructure-as-Code patterns focused on secure parameterization, modular design, naming and tagging conventions, and auditing best practices. It helps reviewers and authors apply consistent, policy-aligned templates and avoid common security and deployment pitfalls. The guidance is practical and ready to apply in CI/CD pipelines and code reviews.

How this skill works

The skill inspects Bicep templates for security issues (secrets, network exposure, diagnostic settings), parameter design (descriptions, constraints, secure markers), naming and tagging consistency, module boundaries, and API version usage. It reports deviations from recommended patterns and offers concrete fixes: parameter annotations, Key Vault references, proper use of existing resources, and modular refactors. It also suggests policy and auditing controls to enforce governance.

When to use it

  • During Bicep template code reviews to catch security and governance issues early
  • When authoring new IaC modules to apply consistent naming, tagging, and parameter patterns
  • Before merging changes to infrastructure repositories or generating ARM outputs
  • While integrating templates into CI/CD to enforce policy and validation gates
  • When migrating ARM templates to Bicep or modularizing large templates

Best practices

  • Never hardcode secrets; use Key Vault references and mark sensitive params with @secure()
  • Provide @description() and @allowed() for parameters and apply sensible min/max constraints
  • Use consistent naming conventions with environment, region, workload and uniqueString() for global names
  • Tag all resources with standard governance tags (owner, environment, cost center, compliance)
  • Break templates into single-responsibility modules and pass values via outputs
  • Enable diagnostic settings, prefer private endpoints, and enforce encryption at rest

Example use cases

  • Validate a storage account template: ensure TLS1_2, supportsHttpsTrafficOnly, and Key Vault integration
  • Refactor a monolithic template into modules: network, compute, and storage with clear outputs
  • Harden deployment parameters by adding @secure(), descriptions, allowed values and lengths
  • Audit templates for deprecated API versions and justify any preview usage
  • Ensure resource tags and naming meet organizational policy for cost allocation and compliance

FAQ

Never hardcode secrets; declare parameters with @secure() and reference secrets from Azure Key Vault.

When should I use modules?

Use modules to encapsulate logical resource groups, make templates reusable, and simplify testing and maintenance.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational