Kevvv

Reputation: 383

Does an Azure managed identity ID need to be kept secret?

I'm using a "user managed identity" with the "AcrPull" role to allow my App Services to pull images from my Azure Container Registry. I currently have the ID of this user managed identity defined in my Terraform config in plain text, but I'm wondering if it's considered sensitive and I should have it as a secret instead. I know the service principal ID is not necessarily sensitive, but the managed identity has no secret to go with it, so it seems much more powerful on its own...

Upvotes: 1

Views: 827

Answers (1)

Peter Bons

Reputation: 29711

I currently have the ID of this user managed identity defined in my Terraform config in plain text but I'm wondering if it's considered sensitive and I should have it as a secret instead.

No, it is not. Managed Identities are specifically designed to take away the burden of having any secret at all. The identities can only be used to enable Azure resources to communicate with services that support Azure AD authentication. So, if someone somehow does know the principal ID, it can only be used to grant or restrict access between Azure resources. It cannot be used by that person to gain access to the resource themselves.

Upvotes: 2
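The setup the question describes, written out as an added Terraform example (not code from the question or the answer): a user-assigned identity, an AcrPull role assignment scoped to a single registry, and a Linux Web App that pulls from that registry using the identity. Every identity identifier (resource ID, client ID, principal ID) is referenced in plain HCL, and the outputs are deliberately not marked `sensitive`. The resource names, region, SKUs and image name are placeholders, and the attribute names assume the `azurerm` provider v3 schema for `azurerm_linux_web_app`.

```hcl
resource "azurerm_resource_group" "example" {
  name     = "rg-acrpull-demo" # placeholder name
  location = "westeurope"
}

resource "azurerm_container_registry" "example" {
  name                = "acrpulldemo12345" # placeholder, must be globally unique
  resource_group_name = azurerm_resource_group.example.name
  location            = azurerm_resource_group.example.location
  sku                 = "Basic"
  admin_enabled       = false # no admin username/password: the identity is the only pull path
}

resource "azurerm_user_assigned_identity" "acr_pull" {
  name                = "id-acr-pull"
  resource_group_name = azurerm_resource_group.example.name
  location            = azurerm_resource_group.example.location
}

# Least privilege: AcrPull only, scoped to this one registry rather than the
# resource group or subscription. The principal_id is an identifier, not a secret.
resource "azurerm_role_assignment" "acr_pull" {
  scope                = azurerm_container_registry.example.id
  role_definition_name = "AcrPull"
  principal_id         = azurerm_user_assigned_identity.acr_pull.principal_id
}

resource "azurerm_service_plan" "example" {
  name                = "asp-acrpull-demo"
  resource_group_name = azurerm_resource_group.example.name
  location            = azurerm_resource_group.example.location
  os_type             = "Linux"
  sku_name            = "B1"
}

resource "azurerm_linux_web_app" "example" {
  name                = "app-acrpull-demo" # placeholder, must be globally unique
  resource_group_name = azurerm_resource_group.example.name
  location            = azurerm_resource_group.example.location
  service_plan_id     = azurerm_service_plan.example.id

  # Attaching the identity is what lets the app obtain tokens as this principal.
  identity {
    type         = "UserAssigned"
    identity_ids = [azurerm_user_assigned_identity.acr_pull.id]
  }

  site_config {
    # Pull with the managed identity instead of registry credentials.
    container_registry_use_managed_identity       = true
    container_registry_managed_identity_client_id = azurerm_user_assigned_identity.acr_pull.client_id

    application_stack {
      docker_image_name   = "myapp:latest" # placeholder image
      docker_registry_url = "https://${azurerm_container_registry.example.login_server}"
    }
  }

  # Make sure the role exists before the first pull is attempted.
  depends_on = [azurerm_role_assignment.acr_pull]
}

# Identifiers only; nothing here is a credential, so `sensitive = true` is not needed.
output "acr_pull_identity" {
  value = {
    client_id    = azurerm_user_assigned_identity.acr_pull.client_id
    principal_id = azurerm_user_assigned_identity.acr_pull.principal_id
  }
}
```

Knowing `client_id` or `principal_id` gives an outsider nothing to authenticate with: tokens for this identity are only issued to the Azure resource it is attached to. What to keep tight instead is the role assignment scope (one registry, AcrPull only) and the Azure RBAC permissions to create role assignments or to attach the identity to other resources.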
