0

If I deploy the azure function package from an on-premise octopus server thought the internet how to ensure it's security?

example 1 example 2

I'm pretty sure it's secure but I cannot find any information about that at a low level. The whole communication is encrypted? The package is encrypted? Where can I find more about this topic?

Levi Lu-MSFT
  • 27,483
  • 2
  • 31
  • 43
user2542183
  • 53
  • 2
  • 6
  • Deployment script is based on these 2 commands Get-AzureDeployment and New-AzureDeployment – user2542183 Feb 12 '20 at 12:49
  • account login is based on Login-AzureRMAccount command as explained here https://octopus.com/docs/infrastructure/deployment-targets/azure – user2542183 Feb 12 '20 at 12:59
  • quite interesting: "Azure cloud services offer environments compliant with regional data-handling laws. For accounts in a regional cloud, set the environment when you sign in with the -Environment argument. This parameter will work with any sign-in method. For example, if your account is in the China cloud:" from https://learn.microsoft.com/en-us/powershell/azure/authenticate-azureps?view=azps-2.8.0 – user2542183 Feb 12 '20 at 13:09

1 Answers1

1

All the comms happen using https, which is quite secure. package will be stored on the webapp itself and on the octopus server only. Package is not encrypted because it makes no sense, its not being stored anywhere not secure.

The 2 commands you are mentioning are only for deploying to Cloud Services which are not Azure Functions and which are pretty much not being used anywhere now (you can still continue to use them, but it doesnt make any sense to do so).

4c74356b41
  • 69,186
  • 6
  • 100
  • 141