Enforce least priv with the SP that uses KV #1501

Open
1 task
james-garriss opened this issue Jan 9, 2025 · 0 comments
Labels
enhancement This issue or pull request will add new or improve existing functionality

Collaborator

james-garriss commented Jan 9, 2025

💡 Summary

The purpose of this issue is to better enforce "least priv" for the service principal (SP) that is accessing Key Vault (KV).

This is related to #1502

Motivation and context

Per discussions at the Jan 2025 TEM, the SP used to access KV has more privs than it needs.

Implementation notes

The priv update is done in Entra ID.
The testing should be done with all workflows that use a secret in KV.

Acceptance criteria

How do we know when this work is done?

  • The SP that uses KV is following least priv practices.
james-garriss added the enhancement label Jan 9, 2025