Closed Pauwelz closed 11 months ago
Maybe we can look at using Managed Identities on a broader scope than just Storage Account? Should be possible to use this to call the API's also right?
Perhaps, certainly if we use a User-Assigned one, we should be able to get all our Logic Apps to use the same one. This was more from the customer perspective where they want it to be MI towards the Storage Account at first.
Indeed, add a user assigned managed identity to the Invictus for Azure deployment and use that to connect to all Invictus related components.
Thx, @Pauwelz , for all these security suggestions! There is indeed a great opportunity to improve this. Thank you! 🏅
@LaurentAerens @Pauwelz I suppose this issue can now also be closed?
Issue can be closed as MSI changes have been added due to Ecofit requriements
Currently we're using Shared Access Keys for access to the Storage Account from all the applications needing it. All of these applications are running in Azure, so we should investigate the work to switching this over to Managed Identities. (This is coming from a customer that also requires Managed Identity instead of Shared Access Keys that can be "leaked")