I created Managed Application for Azure Marketplace. And I use some secret data during deploy app to user subscription. Is it secure putting this data to file mainTemplate.json? And if not, what variants exists?
Try this: https://learn.microsoft.com/en-us/azure/managed-applications/key-vault-access
The template files for a managed app in the marketplace are only secured by obscurity (you need to guess at what the URL is (and it contains a guid)). So for added security, put the secrets in KV and reference them from there.