by dh2022
458 days ago
The API Connection in the example has permissions to read the secrets from the KeyVault - as per screenshot. It seems to me the KeyVault secret leak originated when KeyVault K owners gave secret reader permissions to the API Connection. (And I will note that granting permissions in Azure requires Owner role, which is way more privileged than the Reader role mentioned in this article.) [edit - article used Reader role, not Contributor role]