question

SebastianParkitny-3191 avatar image
0 Votes"
SebastianParkitny-3191 asked PramodValavala-MSFT answered

Documentation of encryption of Azure Services

I'm looking for a more detailed documentation of the encryption of

  • Application Settings of Azure Functions

  • Secrets of Azure API Management

The documentation of Microsoft only states that the above mentioned items are encrypted, but not how it's encrpyted. The fact is, that everbody having access to a subscription can read, modify and delete the settings and secrets.

Regards

Sebastian



azure-functionsazure-api-management
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

PramodValavala-MSFT avatar image
0 Votes"
PramodValavala-MSFT answered

@SebastianParkitny-3191 Like you've mentioned, there is no public documentation for the same and the default behavior is primarily to ensure secrets are encrypted at rest. You could however protect access to Application Settings using Azure RBAC and selectively provide access to users. Custom Roles can be leveraged as well.

A more control option is to leverage Azure Key Vault to store secrets and then reference them in App Settings as Key Vault References for Azure Functions and similarly for Azure APIM you can leverage Key Vault Secrets instead of plain Named Values. You can restrict access to Key Vault via its own access policies.


5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.