Skip to content

v1.4.1 - classic bearer path now calls Key Vault

Choose a tag to compare

@gladjohn gladjohn released this 30 Jun 12:54

Option 4 (Classic MSI bearer) now also calls Key Vault with the plain bearer token (Authorization: Bearer, no binding cert): 200 = secret read with a bearer (the exposure, shown red), 401 = the vault enforces token binding and rejects it, 403 = RBAC. Token is still printed in full for cross-VM replay.