In our Stream Analytics Job we have some constant values that are required for further computations. Those are considered "secret" by our customer, so it would be good to not have them set directly in the Query or the User Defined Function we're using. Is there any best practice how to deal with these, e.g. can we somehow retrieve these values from Azure Key Vault?
Asked
Active
Viewed 291 times
2
-
From what little information you provided, it's not clear why you'd even log the secrets. By default, any distributed tracing the Azure SDK writes will not include secret information or other PII. What your application does with the secret values is entirely under your control. Putting the secrets in Key Vault will only help keep that information secure at rest and restrict who/what can access them. If you still logged them after retrieving them, Key Vault can't help there. Could you better explain how these values are used and why they'd get logged currently? – Heath May 28 '20 at 08:50
2 Answers
1
Unfortunately, Azure Stream Analytics don’t support Azure Key Vault bindings.
I would suggest you to vote up an idea submitted by another Azure customer.
All of the feedback you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Azure.
CHEEKATLAPRADEEP
- 12,191
- 1
- 19
- 42
1
You could try to see if Reference Data option in Stream Analytics could be the place where you store the constants and update often. If the concern is about having control over how your queries get encrypted while using ASA, you can use your own storage account to store all private data assets related to the job. And then encrypt your storage account in whatever approach you see fit.
Sid Ramadoss
- 521
- 2
- 6
- 13