Ensure Azure Key Vaults are Used to Store Secrets
Why This Matters
Storing application secrets such as encryption keys, certificates, or managed identity credentials directly in code or configuration files introduces a significant security risk. Any user with access to the application source code or runtime environment can extract these credentials and abuse them to access or modify protected data. Azure Key Vault provides a centralized, permission-controlled vault for secrets, reducing exposure and enabling credential rotation without redeploying the application.
What Aether365 Checks
Aether365 verifies that your Azure App Service and related hosted services are configured to use Azure Key Vault to store all secrets, encryption keys, and certificates. This check appears in the Aether365 dashboard under the azure-app-services security checks and flags any hosted service that does not reference a key vault for its secret storage.
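The following is an added example, not Aether365's own detection logic: a minimal audit of App Service app settings that flags secret-like settings whose values are not Key Vault references. The setting names, vault name, and the sensitive-name heuristic are assumptions constructed for illustration.

```python
import re

# App Service Key Vault reference forms:
#   @Microsoft.KeyVault(SecretUri=https://<vault>.vault.azure.net/secrets/<name>[/<version>])
#   @Microsoft.KeyVault(VaultName=<vault>;SecretName=<name>[;SecretVersion=<version>])
KV_REF = re.compile(r"^@Microsoft\.KeyVault\((?P<body>.+)\)$")
# Assumption: public-cloud vault DNS suffix only.
SECRET_URI = re.compile(
    r"^https://(?P<vault>[a-z0-9-]{3,24})\.vault\.azure\.net"
    r"/secrets/(?P<secret>[0-9A-Za-z-]+)(?:/[0-9a-f]{32})?/?$", re.I)
# Assumption: heuristic list of setting names that usually hold credentials.
SENSITIVE_NAME = re.compile(
    r"secret|password|passwd|token|api[_-]?key|connection[_-]?string|credential", re.I)

def parse_kv_reference(value):
    """Return (vault, secret) for a well-formed reference, else None."""
    m = KV_REF.match(value.strip())
    if not m:
        return None
    body = m.group("body")
    if body.lower().startswith("secreturi="):
        u = SECRET_URI.match(body[len("SecretUri="):])
        return (u.group("vault"), u.group("secret")) if u else None
    parts = {k.strip().lower(): v.strip()
             for k, v in (p.split("=", 1) for p in body.split(";") if "=" in p)}
    if parts.get("vaultname") and parts.get("secretname"):
        return (parts["vaultname"], parts["secretname"])
    return None

def audit_app_settings(settings):
    """Flag settings that look like secrets but are not Key Vault references."""
    findings = []
    for name, value in settings.items():
        if parse_kv_reference(value):
            continue
        if value.strip().startswith("@Microsoft.KeyVault("):
            findings.append((name, "malformed Key Vault reference"))
        elif SENSITIVE_NAME.search(name):
            findings.append((name, "secret-like setting holds a plain value"))
    return findings

# Constructed sample app settings (not real values).
SAMPLE = {
    "WEBSITE_RUN_FROM_PACKAGE": "1",
    "DbPassword": "@Microsoft.KeyVault(SecretUri=https://example-vault.vault.azure.net/secrets/DbPassword/)",
    "StorageConnectionString": "DefaultEndpointsProtocol=https;AccountName=example;AccountKey=<constructed-placeholder>",
    "PaymentApiKey": "@Microsoft.KeyVault(VaultName=example-vault;SecretName=PaymentApiKey)",
    "JwtSigningSecret": "@Microsoft.KeyVault(SecretUri=http://example-vault.vault.azure.net/secrets/Jwt)",
}
```

This checks syntax only: a well-formed reference still fails to resolve if the app's managed identity lacks permission to read the secret.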