I have got a working bicep deployment script which creates resources such a sql server databases, virtual machines etc in an idempotent manner after several deployment test runs, dropping and creating the resources several times. However the problem with the script is this, I have hardcoded the credentials within the bicep parameter file, I am looking to improve this by removing the credentials and having it generated by the deployment, stored in key vault and then retried from key vault during deployment.

I have read up the info on the SO link here on how to handle errors when using powershell as a wrapper scrip to deploy bicep deployments. Below is my experience so far.