Create a distinct SP for KV access to enforce least priv. #1502

james-garriss opened this issue Jan 9, 2025 · 0 comments
💡 Summary

We are currently using one service principal (SP) for both accessing key vault (KV) and for running the orchestrator.

This is related to #1501

Motivation and context

This enforces least priv.

Implementation notes

Setting up the SPs is done in Entra ID.
The testing should be done with all workflows that use a secret in KV and that run the orchestrator.

Acceptance criteria

How do we know when this work is done?

  • The SP that uses KV is following least priv practices.
  • The SP that uses the orchestrator is following least priv practices.
@james-garriss james-garriss added the enhancement This issue or pull request will add new or improve existing functionality label Jan 9, 2025
@schrolla schrolla added this to the Marlin milestone Jan 13, 2025