invictus-integration / docs-ifa

Invictus for Azure documentation
https://invictus-integration.github.io/docs-ifa/
MIT License
6 stars 12 forks

Prefer Managed Identity over Shared Access Keys for Storage Account #168

Closed Pauwelz closed 11 months ago

Pauwelz commented 1 year ago

Currently we're using Shared Access Keys for access to the Storage Account from all the applications needing it. All of these applications are running in Azure, so we should investigate the work of switching this over to Managed Identities. (This is coming from a customer that also requires Managed Identity instead of Shared Access Keys that can be "leaked".)

pim-simons commented 1 year ago

Maybe we can look at using Managed Identities on a broader scope than just the Storage Account? It should be possible to use this to call the APIs also, right?

Pauwelz commented 1 year ago

Perhaps. Certainly if we use a User-Assigned one, we should be able to get all our Logic Apps to use the same one. This was more from the customer perspective, where they want it to be MI towards the Storage Account at first.

pim-simons commented 1 year ago

Indeed, add a user-assigned managed identity to the Invictus for Azure deployment and use that to connect to all Invictus-related components.

stijnmoreels commented 1 year ago

Thx, @Pauwelz, for all these security suggestions! There is indeed a great opportunity to improve this. Thank you! 🏅

GoutsmitSam commented 1 year ago

@LaurentAerens @Pauwelz I suppose this issue can now also be closed?

GoutsmitSam commented 11 months ago

Issue can be closed as MSI changes have been added due to Ecofit requirements.
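The change discussed in this thread, sketched as a Bicep deployment. This is an added example, not taken from the Invictus templates: the resource names and the `storageAccountName` parameter are hypothetical, and it assumes the applications only need blob data access.

```bicep
// Added example: names below are hypothetical, not the Invictus templates' own.
param location string = resourceGroup().location
param storageAccountName string

// One user-assigned identity that every application in the deployment can share.
resource appIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' = {
  name: 'id-example-apps'
  location: location
}

resource storage 'Microsoft.Storage/storageAccounts@2023-01-01' = {
  name: storageAccountName
  location: location
  kind: 'StorageV2'
  sku: {
    name: 'Standard_LRS'
  }
  properties: {
    // Reject requests authorized with the account keys (and SAS tokens signed
    // with them), so a leaked key can no longer be used against the account.
    allowSharedKeyAccess: false
    minimumTlsVersion: 'TLS1_2'
  }
}

// Built-in role "Storage Blob Data Contributor" (assumption: blob access only).
var blobDataContributor = subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'ba92f5b4-2d11-453d-a403-e96b0029c9fe')

// Data-plane access is granted through RBAC, scoped to this one account.
resource blobAccess 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
  scope: storage
  name: guid(storage.id, appIdentity.id, blobDataContributor)
  properties: {
    principalId: appIdentity.properties.principalId
    principalType: 'ServicePrincipal'
    roleDefinitionId: blobDataContributor
  }
}

// Attach the identity to each app by resource id; the client id selects it at runtime.
output identityResourceId string = appIdentity.id
output identityClientId string = appIdentity.properties.clientId
```

Set `allowSharedKeyAccess` to `false` only after every client has moved off connection strings and keys, because key-authorized requests are rejected once it is off.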