Utilize Managed Identity and remove any access keys from environment variables. #674
Assignees
Labels
enhancement
New feature or request
Comments
|
I don't deny the use of Managed Identity across the board in environments that require more zero-trust, but I don't see the need to provide it as the default deployment template. Acmebot can be used by simply specifying the URL of the Zip package, so it is easy to customize it for each environment. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Is your feature request related to a problem? Please describe.
Storage Account keys are sensitive as they provide access to the underlying storage account.
These keys must be protected.
For example, the azure function interacts with it's underlying storage account using keys through the following environment variables;
Describe the solution you'd like
To protect the storage account keys, they can be protected by an Azure key vault, where the Azure functions managed identity have access to.
It must use the Managed identity to connect to the host storage account.
Ref; Connecting to host storage with an identity
The text was updated successfully, but these errors were encountered: