1

When using Azure Service Bus Topics, how would one ensure that messages sent, containing sensitive data, are secured?

Imagine a microservices scenario where small independent modular services live in Azure and talk to one another via the bus. To add, only interested relevant services should subscribe to the topics too.

Thanks

emerald

2 Answers

0

I'm not sure I understand your question. It's like asking how to be sure my SQL database is accessed only by relevant services. And the simple answer is: don't give your connection string to other services.

Let me enumerate some rules that we follow in our teams:

  • Never send sensitive data; store it in a secured store and send the id instead. We do that so we can enable a monitoring subscription that can log all messages when needed.
  • Don't share connection strings. Every consumer/producer should have its own per-topic connection string (and not a per-namespace one like the RootManageSharedAccessKey). The connection string should enable the minimal claims needed for the service: Send, Listen, Manage.
  • If your bus has the Premium SKU, you have the ability to configure Networking. Allow access only to your services' subnets.
saad
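
One way to check the connection-string rules from this answer across service configs, as an added example that is not part of the original answer. The namespace, service names and keys are constructed; a missing `EntityPath` is treated as a heuristic for a namespace-level credential, and the Send/Listen/Manage rights live on the policy itself, so they cannot be read from the string.

```python
# Added example (not from the original answer): audit Service Bus connection
# strings against the rules above. All names and keys below are constructed.
ROOT_POLICY = "RootManageSharedAccessKey"  # default namespace-wide policy


def parse_connection_string(conn):
    """Split 'Key=Value;...' into a dict; base64 keys may contain '='."""
    fields = {}
    for part in conn.strip().split(";"):
        if not part.strip():
            continue
        key, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"malformed segment: {part!r}")
        fields[key.strip().lower()] = value.strip()
    return fields


def audit(conn):
    """Return findings for one connection string; empty list means it passes."""
    f = parse_connection_string(conn)
    findings = []
    if f.get("sharedaccesskeyname") == ROOT_POLICY:
        findings.append("uses RootManageSharedAccessKey (namespace-wide rights)")
    if not f.get("entitypath"):
        # Heuristic (assumption): no EntityPath suggests a namespace-level policy.
        findings.append("no EntityPath: credential is not scoped to one topic")
    return findings


def shared_keys(configs):
    """Return {key: [services]} for every key configured in more than one service."""
    seen = {}
    for service, conn in configs.items():
        key = parse_connection_string(conn).get("sharedaccesskey", "")
        seen.setdefault(key, []).append(service)
    return {k: sorted(v) for k, v in seen.items() if k and len(v) > 1}


NS = "Endpoint=sb://example-ns.servicebus.windows.net/;"  # constructed namespace
SAMPLE = {  # constructed per-service configuration
    "orders-producer": NS + "SharedAccessKeyName=orders-send;SharedAccessKey=a2V5LW9uZQ==;EntityPath=orders",
    "billing-consumer": NS + "SharedAccessKeyName=orders-listen;SharedAccessKey=a2V5LXR3bw==;EntityPath=orders",
    "shipping-consumer": NS + "SharedAccessKeyName=orders-listen;SharedAccessKey=a2V5LXR3bw==;EntityPath=orders",
    "legacy-job": NS + "SharedAccessKeyName=RootManageSharedAccessKey;SharedAccessKey=a2V5LXRocmVl",
}

if __name__ == "__main__":
    for name, conn in SAMPLE.items():
        print(name, audit(conn) or "ok")
    print("services sharing a key:", list(shared_keys(SAMPLE).values()))
```
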
-2

Messages that have specific characteristics must be processed in different ways. To enable this processing, you can configure subscriptions to find messages that have desired properties and then perform certain modifications to those properties.

This filtering is accomplished using subscription filters. Such modifications are called filter actions. When a subscription is created, you can supply a filter expression that operates on the properties of the message.

For a full working example, see the TopicSubscriptionWithRuleOperationsSample sample on GitHub.

For messages, follow this: https://learn.microsoft.com/en-us/azure/service-bus-messaging/service-bus-messages-payloads

DixitArora-MSFT