ishangsf/rspec
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
rspec/rules/S6684/secrets/rule.adoc

64 lines
2.3 KiB
Plaintext
Raw Permalink Blame History

include::../../../shared_content/secrets/description.adoc[]
== Why is this an issue?
include::../../../shared_content/secrets/rationale.adoc[]
=== What is the potential impact?
Azure Subscription Keys are used to authenticate and authorize access to Azure
resources and services. These keys are unique identifiers that are associated
with an Azure subscription and are used to control access to resources such as
virtual machines, storage accounts, and databases. Subscription keys are
typically used in API requests to Azure services, and they help ensure that only
authorized users and applications can access and modify resources within an
Azure subscription.
If an Azure Subscription Key is leaked to an unintended audience, it can pose a
significant security risk to the Azure subscription and the resources it
contains. An attacker who gains access to a subscription key can use it to
authenticate and access resources within the subscription, potentially causing
data breaches, data loss, or other malicious activities.
Depending on the level of access granted by the subscription key, an attacker
could potentially create, modify, or delete resources within the subscription,
or even take control of the entire subscription. This could result in
significant financial losses, reputational damage, and legal liabilities for the
organization that owns the subscription.
== How to fix it
include::../../../shared_content/secrets/fix/revoke.adoc[]
include::../../../shared_content/secrets/fix/recent_use.adoc[]
Microsoft Azure provides an activity log that can be used to audit the access to the API.
include::../../../shared_content/secrets/fix/vault.adoc[]
=== Code examples
:example_secret: efbb1a98f026d061464af685cd16dcd3
:example_name: subscription_key
:example_env: SUBSCRIPTION_KEY
include::../../../shared_content/secrets/examples.adoc[]
//=== How does this work?
//=== Pitfalls
//=== Going the extra mile
== Resources
include::../../../shared_content/secrets/resources/standards.adoc[]
=== Documentation
* Microsoft Documentation - https://learn.microsoft.com/en-us/azure/api-management/api-management-subscriptions[Subscriptions in Azure API Management]
* Microsoft Documentation - https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/activity-log[Azure Monitor activity log]
//=== Benchmarks
Reference in New Issue View Git Blame Copy Permalink