[Feature]: SKR Policy Location #19984
Labels
feature-request
This issue requires a new behavior in the product in order to be resolved.
KeyVault
Tracking
We will track status and follow internally
Milestone
Description of the new feature
Today, the default CVM SKR Policy is stored as a blob in a test subscription - https://cvmprivatepreviewsa.blob.core.windows.net/cvmpublicpreviewcontainer/skr-policy.json
This is risky, as anyone in the subscription can modify the file and cause the CVM CMK scenario to fail. Currently, PowerShell reads from this storage account, which we would like to avoid.
We have decided to shift the key release policy to GitHub, which you can find here: https://raw.githubusercontent.com/Azure/confidential-computing-cvm/main/cvm_deployment/key/skr-policy.json
We would like for the skr-policy reference to point to this GitHub as well for PowerShell to store a local backup copy.
Proposed implementation details (optional)
Ideal implementation date is before the end of the quarter.
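One way a client could guard against the modification risk described in this issue, as an added example that is not Azure PowerShell's own code: accept a policy copy (remote or local backup) only if its SHA-256 matches a pinned digest. The helper names, the idea of shipping a pinned digest with the module, and the sample policy text are assumptions made for illustration.

```powershell
# Added example: Get-Sha256Hex and Select-TrustedSkrPolicy are hypothetical helpers.
function Get-Sha256Hex {
    param([Parameter(Mandatory)][string]$Text)
    $sha = [System.Security.Cryptography.SHA256]::Create()
    try {
        $bytes = [System.Text.Encoding]::UTF8.GetBytes($Text)
        return -join ($sha.ComputeHash($bytes) | ForEach-Object { $_.ToString('x2') })
    } finally { $sha.Dispose() }
}

function Select-TrustedSkrPolicy {
    param(
        # Ordered map of source name -> raw policy text; first valid entry wins.
        [Parameter(Mandatory)][System.Collections.Specialized.OrderedDictionary]$Candidates,
        # Assumption: the expected digest ships with the module as a constant.
        [Parameter(Mandatory)][string]$PinnedSha256
    )
    foreach ($source in $Candidates.Keys) {
        $text = $Candidates[$source]
        if ([string]::IsNullOrWhiteSpace($text)) {
            Write-Warning "${source}: no content, trying next source"
            continue
        }
        $actual = Get-Sha256Hex -Text $text
        if ($actual -ne $PinnedSha256) {
            Write-Warning "${source}: digest $actual does not match the pin, rejected"
            continue
        }
        try { $policy = $text | ConvertFrom-Json -ErrorAction Stop }
        catch { Write-Warning "${source}: not valid JSON, rejected"; continue }
        return [pscustomobject]@{ Source = $source; Policy = $policy }
    }
    throw 'No SKR policy source matched the pinned digest; refusing to continue.'
}

# Constructed sample data (not the contents of the real skr-policy.json).
$good     = '{"version":"1.0.0","anyOf":[{"authority":"https://attest.example.invalid/","allOf":[{"claim":"x-ms-attestation-type","equals":"sevsnpvm"}]}]}'
$tampered = $good.Replace('attest.example.invalid', 'other.example.invalid')
$pin      = Get-Sha256Hex -Text $good

# The "remote" copy was modified, so the helper falls back to the local backup.
$sources = [ordered]@{ remote = $tampered; backup = $good }
$result  = Select-TrustedSkrPolicy -Candidates $sources -PinnedSha256 $pin
"Using policy from '$($result.Source)', version $($result.Policy.version)"
```

With a pinned digest, any legitimate change to the policy file requires a matching update to the pin, so the failure mode becomes a visible rejection instead of a silently altered release policy.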