Azure / Enterprise-Scale

The Azure Landing Zones (Enterprise-Scale) architecture provides prescriptive guidance coupled with Azure best practices, and it follows design principles across the critical design areas for organizations to define their Azure architecture
https://aka.ms/alz
MIT License

Bug Bash: Secrets stored in Subscription is a security concern #605

Open krowlandson opened 3 years ago

krowlandson commented 3 years ago

Describe the bug

When running the deployment template for Enterprise-Scale with the option to Deploy integrated CICD pipeline set to Yes, this is generating a set of resources in the Management Subscription, including a Key Vault containing Secrets.

Due to the nature of these secrets (Personal Access Token from an external service, linked to a user), this should be clearly communicated to the person running the deployment to raise awareness of this behaviour.

Steps to reproduce

  1. Run Deploy-to-Azure with option to Deploy integrated CICD pipeline set to Yes

Screenshots
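One way for the person running the deployment to see what the integrated CI/CD option left behind is to inventory the Key Vault secrets in the Management Subscription and flag the ones that look like long-lived, user-linked credentials. The script below is an added example, not code from the issue or the Enterprise-Scale repository: it parses the JSON that `az keyvault secret list -o json` prints (metadata only, never secret values) and reports enabled secrets with no expiry, an expiry in the past, or no `owner` tag. The vault name, secret names and the `owner` tag convention are constructed assumptions.

```python
import json
from datetime import datetime, timezone
from typing import Optional

# Constructed sample in the shape `az keyvault secret list -o json` prints
# (metadata only; a list call never returns secret values). Vault and secret
# names here are invented for the example.
SAMPLE_JSON = """[
  {"id": "https://vault-example.vault.azure.net/secrets/github-pat",
   "name": "github-pat",
   "attributes": {"enabled": true, "expires": null,
                  "created": "2021-06-01T10:00:00+00:00"},
   "tags": {}},
  {"id": "https://vault-example.vault.azure.net/secrets/ado-pat",
   "name": "ado-pat",
   "attributes": {"enabled": true, "expires": "2021-01-01T00:00:00+00:00",
                  "created": "2020-12-01T10:00:00+00:00"},
   "tags": {"owner": "platform-team"}},
  {"id": "https://vault-example.vault.azure.net/secrets/rotated",
   "name": "rotated",
   "attributes": {"enabled": true, "expires": "2030-01-01T00:00:00+00:00",
                  "created": "2021-06-01T10:00:00+00:00"},
   "tags": {"owner": "platform-team"}}
]"""


def parse_ts(value: Optional[str]) -> Optional[datetime]:
    """Parse the ISO-8601 timestamps the CLI emits; None stays None."""
    return datetime.fromisoformat(value) if value else None


def audit_secrets(cli_json: str, now: Optional[datetime] = None) -> list:
    """Return (name, reason) findings for enabled secrets that have no expiry,
    are already expired, or carry no `owner` tag (assumed tagging convention)."""
    now = now or datetime.now(timezone.utc)
    findings = []
    for secret in json.loads(cli_json):
        attrs = secret.get("attributes", {})
        if not attrs.get("enabled", True):
            continue  # a disabled secret cannot be read by a pipeline
        name = secret["name"]
        expires = parse_ts(attrs.get("expires"))
        if expires is None:
            findings.append((name, "no expiry set"))
        elif expires <= now:
            findings.append((name, "expired on %s" % expires.date()))
        if not (secret.get("tags") or {}).get("owner"):
            findings.append((name, "no owner tag"))
    return findings


if __name__ == "__main__":
    for name, reason in audit_secrets(SAMPLE_JSON):
        print(f"{name}: {reason}")
```

Run it against real output with `az keyvault secret list --vault-name <vault> -o json > secrets.json` and pass the file contents to `audit_secrets`.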

jtracey93 commented 2 years ago

Trigger ADO Sync 1

jtracey93 commented 2 years ago

Trigger ADO Sync 2