Closed nzthiago closed 5 years ago
The example looks good but I think the approach should be changed. Now we show that it's ok to leak secrets to externals, but maybe we should create an example that:
Example could be to get all GitHub repos in an org for example.
That said, good example that shows how simple it is!
We needed a super simple one that focused on how to get the secret from Key Vault with MSI and not on what to do with the secret, so I wouldn't change this one. I do agree that we can now build on it to show what to do with the secret, sounds like you're volunteering to add one for GitHub API :)
It's more about setting an example on how to do security right but I get what you are saying.
Do you mind if I just PR a quick note?
> I do agree that we can now build on it to show what to do with the secret, sounds like you're volunteering to add one for GitHub API :)
I wish I had the time for that which is not the case, sorry! 😔
Sure, feel free to PR with the extra note, @miaojiang would be the one to merge it
Here we go! Let me know what you think if you're interested.
I want to clarify again that I have no problems with your sample @nzthiago! I just want to make people aware that they should not do this in PROD 😅
Don't thank me @vladvino, thank @nzthiago !
Adds a policy example for using Managed Identities to look up secrets stored in Key Vault. The Managed Identity is used to authenticate with Key Vault.