-
Notifications
You must be signed in to change notification settings - Fork 1.1k
/
NamedValueSecretsInKV_AuditDeny.json
66 lines (66 loc) · 2.09 KB
/
NamedValueSecretsInKV_AuditDeny.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
{
"properties": {
"displayName": "API Management secret named values should be stored in Azure Key Vault",
"policyType": "BuiltIn",
"mode": "All",
"description": "Named values are a collection of name and value pairs in each API Management service. Secret values can be stored either as encrypted text in API Management (custom secrets) or by referencing secrets in Azure Key Vault. To improve security of API Management and secrets, reference secret named values from Azure Key Vault. Azure Key Vault supports granular access management and secret rotation policies.",
"metadata": {
"version": "1.0.2",
"category": "API Management"
},
"version": "1.0.2",
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.ApiManagement/service/namedValues"
},
{
"field": "Microsoft.ApiManagement/service/namedValues/displayName",
"exists": "true"
},
{
"field": "Microsoft.ApiManagement/service/namedValues/secret",
"equals": "true"
},
{
"anyOf": [
{
"field": "Microsoft.ApiManagement/service/namedValues/keyVault",
"exists": "false"
},
{
"field": "Microsoft.ApiManagement/service/namedValues/keyVault.secretIdentifier",
"exists": "false"
}
]
}
]
},
"then": {
"effect": "[parameters('effect')]"
}
},
"parameters": {
"effect": {
"type": "string",
"metadata": {
"displayName": "Effect",
"description": "Enable or disable the execution of the policy"
},
"allowedValues": [
"Audit",
"Disabled",
"Deny"
],
"defaultValue": "Audit"
}
},
"versions": [
"1.0.2"
]
},
"id": "/providers/Microsoft.Authorization/policyDefinitions/f1cc7827-022c-473e-836e-5a51cae0b249",
"name": "f1cc7827-022c-473e-836e-5a51cae0b249"
}