cudeso
commented
4 months ago Thank you for the update. Maybe it's useful to add some explanation to the README as well?
Closed jusso-dev closed 4 months ago
cudeso
commented
4 months ago Thank you for the update. Maybe it's useful to add some explanation to the README as well?
jusso-dev
commented
4 months ago Yes sorry will do that shortly 🙂
cudeso
commented
4 months ago Yes sorry will do that shortly 🙂
Great! Let me know if you need help.
jusso-dev
commented
4 months ago Updated guidance in the README @cudeso
lnfernux
commented
4 months ago A bit late to the party here, but this was already covered using MSI. You can simple define the application settings as key vault references, and as such you are not hard-coding the references but rather using the same flow to get key vault secrets via the MSI :)
This change gives the implementor the option to use Azure Key Vault as the secret store for secret values such as the Azure Service Principal client secret and the misp_key.
If the user does not want to read from Azure Key Vault or implement it as such, the solution will fall back to reading values from environment variable, which in the context of Azure Functions means at least they are encrypted at rest and in transit.
Changing the values should the implementor choose to do so, will also now not require a code change.
For Key Vault to be used, an MSI must be enabled on the Function - https://learn.microsoft.com/en-us/azure/app-service/overview-managed-identity?tabs=portal%2Chttp
To grant the newly created MSI relevant Azure Key Vault permission via an "Azure Key Vault Access Policy" this guide can be referenced - https://learn.microsoft.com/en-us/azure/key-vault/general/assign-access-policy?tabs=azure-portal