davfost
commented
7 months ago Based on the deadlines for the current security work I would say the idea of re-negotiating who owns service principals/managed identities are out of scope.
Closed davfost closed 5 months ago
davfost
commented
7 months ago Based on the deadlines for the current security work I would say the idea of re-negotiating who owns service principals/managed identities are out of scope.
ilyas1974
commented
5 months ago Per discussion with David, we are going to use the guidance provided by DDFUN (https://devdiv.visualstudio.com/Engineering/_wiki/wikis/CNEKB/40616/Standard-on-Storage-of-Secrets-and-Managed-Identities) for all future requests from customers. Everything that currently exists will remain "as-is".
We are at the start of a new security push so this would be a good time to push back on bad security behaviors in current processes.
It appears that our team is manage credentials and secrets for 'clients' of our services. This my be convent for the client as they don't have to have to think about their own secrets but it is a security risk.
It is basically like saying you have a bank car but you're are going to let a dozen other people you don't even know manage the pin for the card while you no longer even know how to manage the pin if you had to.
It expands the number of people who can access these secrets beyond what is actually needed, puts the client in a position where they may not be able self manage their own credentials in a security emergency, and creates a situation where a single compromised dev account can both compromise back-end services resources and impersonate client possibly to other services that the dev would not normally have access to.
Release Note Category
Release Note Description