update

Author: mumian

articles/azure-resource-manager/bicep/modules.md

@@ -3,7 +3,7 @@ title: Bicep modules
 description: This article describes how to define a module in a Bicep file and how to use module scopes.
 ms.topic: conceptual
 ms.custom: devx-track-bicep
-ms.date: 03/25/2025
+ms.date: 05/09/2025
 ---
 
 # Bicep modules
@@ -545,6 +545,8 @@ module stgModule '../create-storage-account/main.bicep' = {
 output storageEndpoint object = stgModule.outputs.storageEndpoint
 ```
 
+The `@secure()` decorator can now be applied to module outputs to mark them as sensitive, ensuring that their values are not exposed in logs or deployment history. This is particularly useful when a module needs to return sensitive data, such as a generated key or connection string, to the parent Bicep file without risking exposure. For more information, see [Secure outputs](./outputs.md#secure-outputs).
+
 ## Related content
 
 - For a tutorial, see [Build your first Bicep template](/training/modules/deploy-azure-resources-by-using-bicep-templates/).

articles/azure-resource-manager/bicep/outputs.md

@@ -3,7 +3,7 @@ title: Outputs in Bicep
 description: Learn how to define output values in Bicep.
 ms.topic: conceptual
 ms.custom: devx-track-bicep
-ms.date: 03/25/2025
+ms.date: 05/09/2025
 ---
 
 # Outputs in Bicep
@@ -153,7 +153,7 @@ See [Elevate error level](./user-defined-data-types.md#elevate-error-level).
 
 ### Secure outputs
 
-With Bicep version 0.35.1 and later, you can mark string or object outputs as secure. The value of a secure output isn't saved to the deployment history and isn't logged.
+With Bicep version 0.35.1 and later, you can mark string or object outputs as secure. When an output is decorated with `@secure()`, Azure Resource Manager treats the output value as sensitive, preventing it from being logged or displayed in deployment history, Azure Portal, or command-line outputs.
 
 ```bicep
 @secure()
@@ -165,7 +165,7 @@ output demoSecretObject object
 
 There are several linter rules related to this decorator: [Secure parameter default](./linter-rule-secure-parameter-default.md), [Secure parameters in nested deployments](./linter-rule-secure-params-in-nested-deploy.md), [Secure secrets in parameters](./linter-rule-secure-secrets-in-parameters.md).
 
-
+The `@secure()` decorator is valid only for outputs of type string or object, as these align with the [secureString](../templates/syntax.md#outputs) and [secureObject](../templates/syntax.md#outputs) types in ARM templates. To pass arrays or numbers securely, wrap them in a secureObject or serialize them as a secureString.
 
 ## Conditional output
 

articles/azure-resource-manager/bicep/parameters.md

@@ -3,7 +3,7 @@ title: Parameters in Bicep files
 description: Learn how to define and use parameters in a Bicep file.
 ms.topic: conceptual
 ms.custom: devx-track-bicep
-ms.date: 03/25/2025
+ms.date: 05/09/2025
 ---
 
 # Parameters in Bicep
@@ -207,7 +207,7 @@ See [Elevate error level](./user-defined-data-types.md#elevate-error-level).
 
 ### Secure parameters
 
-You can mark string or object parameters as secure. The value of a secure parameter isn't saved to the deployment history and isn't logged.
+You can mark string or object parameters as secure. When a parameter is decorated with `@secure()`, Azure Resource Manager treats the parameter value as sensitive, preventing it from being logged or displayed in deployment history, Azure Portal, or command-line outputs.
 
 ```bicep
 @secure()
@@ -232,6 +232,8 @@ resource keyvault 'Microsoft.KeyVault/vaults@2019-09-01' = {
 }
 ```
 
+The `@secure()` decorator is valid only for parameters of type string or object, as these align with the [secureString](../templates/syntax.md#parameters) and [secureObject](../templates/syntax.md#parameters) types in ARM templates. To pass arrays or numbers securely, wrap them in a secureObject or serialize them as a secureString.
+
 ## Use objects as parameters
 
 It can be easier to organize related values by passing them in as an object. This approach also reduces the number of parameters in the template.