You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Is your feature request related to a problem? Please describe.
Storage Account keys are sensitive as they provide access to the underlying storage account.
These keys must be protected.
For example, the azure function interacts with it's underlying storage account using keys through the following environment variables;
AzureWebJobsStorage
WEBSITE_CONTENTAZUREFILECONNECTIONSTRING
Describe the solution you'd like
To protect the storage account keys, they can be protected by an Azure key vault, where the Azure functions managed identity have access to.
It must use the Managed identity to connect to the host storage account.
Ref; Connecting to host storage with an identity
The text was updated successfully, but these errors were encountered:
I don't deny the use of Managed Identity across the board in environments that require more zero-trust, but I don't see the need to provide it as the default deployment template.
Acmebot can be used by simply specifying the URL of the Zip package, so it is easy to customize it for each environment.
Is your feature request related to a problem? Please describe.
Storage Account keys are sensitive as they provide access to the underlying storage account.
These keys must be protected.
For example, the azure function interacts with it's underlying storage account using keys through the following environment variables;
Describe the solution you'd like
To protect the storage account keys, they can be protected by an Azure key vault, where the Azure functions managed identity have access to.
It must use the Managed identity to connect to the host storage account.
Ref; Connecting to host storage with an identity
The text was updated successfully, but these errors were encountered: