Closed SebastianClaesson closed 6 months ago
I don't deny the use of Managed Identity across the board in environments that require more zero-trust, but I don't see the need to provide it as the default deployment template.
Acmebot can be used by simply specifying the URL of the Zip package, so it is easy to customize it for each environment.
Is your feature request related to a problem? Please describe.
Storage Account keys are sensitive as they provide access to the underlying storage account. These keys must be protected. For example, the Azure Function interacts with its underlying storage account using keys through the following environment variables;
Describe the solution you'd like
To protect the storage account keys, they can be protected by an Azure Key Vault that the Azure Function's managed identity has access to. It must use the managed identity to connect to the host storage account. Ref: Connecting to host storage with an identity
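A settings audit for the change this request describes, as an added example that is not part of the issue or of Acmebot's code: it sorts a Function App's settings into inline key, Key Vault reference, or identity-based connection. The sample settings, the `ExampleStorage` name and all values are constructed placeholders, and the input shape assumes the JSON list printed by `az functionapp config appsettings list`.

```python
import re

# An account key or SAS token embedded directly in a setting value.
INLINE_SECRET = re.compile(r"(?:^|;)\s*(AccountKey|SharedAccessSignature)=[^;]+", re.I)
# App Service Key Vault reference syntax.
KEYVAULT_REF = re.compile(r"^@Microsoft\.KeyVault\(.+\)$")
# Suffixes of identity-based connection settings (no secret in the value).
IDENTITY_SUFFIXES = ("__accountName", "__blobServiceUri",
                     "__queueServiceUri", "__tableServiceUri")


def classify(name, value):
    """Return how one app setting reaches storage, or None if unrelated."""
    if KEYVAULT_REF.match(value.strip()):
        return "keyvault-reference"
    if INLINE_SECRET.search(value):
        return "inline-secret"
    if name.endswith(IDENTITY_SUFFIXES):
        return "managed-identity"
    return None


def audit(settings):
    """settings: list of {"name": ..., "value": ...}. Returns {name: kind}."""
    findings = {}
    for s in settings:
        kind = classify(s["name"], s.get("value") or "")
        if kind:
            findings[s["name"]] = kind
    return findings


def inline_secrets(settings):
    """Names of settings that still carry a key or SAS in plain text."""
    return sorted(n for n, k in audit(settings).items() if k == "inline-secret")


# Constructed sample; account, vault and key values are placeholders.
SAMPLE = [
    {"name": "AzureWebJobsStorage",
     "value": "DefaultEndpointsProtocol=https;AccountName=examplestore;"
              "AccountKey=PLACEHOLDERKEY==;EndpointSuffix=core.windows.net"},
    {"name": "ExampleStorage",
     "value": "@Microsoft.KeyVault(SecretUri=https://example-vault"
              ".vault.azure.net/secrets/storage-connection/)"},
    {"name": "AzureWebJobsStorage__accountName", "value": "examplestore"},
    {"name": "FUNCTIONS_WORKER_RUNTIME", "value": "dotnet"},
]

if __name__ == "__main__":
    for name, kind in audit(SAMPLE).items():
        print(f"{kind:20} {name}")
```

A non-empty result from `inline_secrets` means the app still authenticates to storage with a shared key held in its configuration.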