module/ConfigurationProvider/ControlConfigurations/Services/ContainerInstance.json

{
  "FeatureName": "ContainerInstance",
  "Reference": "aka.ms/azsktcp/ContainerInstance",
  "IsMaintenanceMode": false,
  "Controls": [
    {
      "ControlID": "Azure_ContainerInstance_DP_Avoid_Plaintext_Secrets",
      "Description": "Container Instance must not have secrets/credentials present in plain text.",
      "Id": "ContainerInstance10",
      "ControlSeverity": "High",
      "Automated": "Yes",
      "MethodName": "ContainerInstanceAvoidPlaintextSecretsAsync",
      "DisplayName": "Container Instance must not have secrets/credentials present in plain text.",
      "Category": "Credentials Access",
      "ControlRequirements": "Eliminating plain text credentials",
      "Rationale": "Keeping secrets/credentials such as DB connection strings, passwords, keys, etc. in plain text can lead to exposure through various avenues during an application's lifecycle. Storing them in a key vault ensures that they are protected at rest.",
      "Recommendation": "Find the detected secrets/credentials using the information available in the UI, rotate those credentials, and remove the plain-text values. Refer to https://learn.microsoft.com/en-us/azure/container-instances/container-instances-managed-identity to manage secrets in Key Vault and use Managed Identity to access Key Vault.",
      "Tags": [
        "SDL",
        "TCP",
        "Automated",
        "DP",
        "Baseline"
      ],
      "Enabled": true,
      "CustomTags": [
        "Daily",
        "Preview",
        "TenantBaseline",
        "MSD",
        "TBv9",
        "CAIPreview",
        "EDPreview",
        "SMTPreview",
        "TRWave4",
        "TRPreview",
        "TRBaseline",
        "SN:ContainerInstance_AvoidSecrets",
        "CAIWave1",
        "Secrets"
      ]
    }
  ]
}