module/ConfigurationProvider/ControlConfigurations/Services/ContainerInstance.json
|
{
"FeatureName": "ContainerInstance", "Reference": "aka.ms/azsktcp/ContainerInstance", "IsMaintenanceMode": false, "Controls": [ { "ControlID": "Azure_ContainerInstance_DP_Avoid_Plaintext_Secrets_Trial", "Description": "Container Instance must not have secrets/credentials present in plain text", "Id": "ContainerInstance10", "ControlSeverity": "High", "Automated": "Yes", "MethodName": "ContainerInstanceAvoidPlaintextSecrets", "DisplayName": "Container Instance must not have secrets/credentials present in plain text", "Category": "Credentials Access", "ControlRequirements": "Eliminating plain text credentials", "Rationale": "Keeping secrets/credentials such as DB connection strings, passwords, keys, etc. in plain text can lead to exposure at various avenues during an application's lifecycle. Storing them in a key vault ensures that they are protected at rest.", "Recommendation": "Find detected secrets/credentials using the information available in the UI, rotate those credentials and remove them. Use KeyVault to store secrets/credentials and KeyVault connector to fetch those secrets/credentials: https://docs.microsoft.com/en-us/connectors/keyvault/.", "Tags": [ "SDL", "TCP", "Automated", "DP", "Baseline", "Daily", "Trial" ], "Enabled": true } ] } |