module/ConfigurationProvider/ControlConfigurations/Services/DataFactory.json

{
  "FeatureName": "DataFactory",
  "Reference": "aka.ms/azsktcp/datafactory",
  "IsMaintenanceMode": false,
  "Controls": [
    {
      "ControlID": "Azure_DataFactory_DP_Avoid_Plaintext_Secrets",
      "Description": "Data Factory must not have secrets/credentials present in plain text",
      "Id": "DataFactory10",
      "ControlSeverity": "High",
      "Automated": "Yes",
      "MethodName": "DataFactoryAvoidPlaintextSecrets",
      "DisplayName": "Data Factory must not have secrets/credentials present in plain text",
      "Category": "Credentials Access",
      "ControlRequirements": "Eliminating plain text credentials",
      "Rationale": "Keeping secrets/credentials such as DB connection strings, passwords, keys, etc. in plain text can expose them through various avenues during an application's lifecycle. Storing them in a key vault ensures that they are protected at rest.",
      "Recommendation": "Locate the detected secrets/credentials using the information available in the UI, rotate those credentials, and remove the plain text values. Use Azure Key Vault for storing secrets. (Store credentials in Azure Key Vault - Azure Data Factory | Microsoft Docs - https://docs.microsoft.com/en-us/azure/data-factory/store-credentials-in-key-vault; Use Azure Key Vault secrets in pipeline activities - Azure Data Factory | Microsoft Docs - https://docs.microsoft.com/en-us/azure/data-factory/how-to-use-azure-key-vault-secrets-pipeline-activities). Use SecureString parameter types for parameters with credentials.",
      "Tags": [
        "SDL",
        "TCP",
        "Automated",
        "DP",
        "Baseline",
        "Daily"
      ],
      "CustomTags": [
        "Wave9",
        "ShadowITActiveBaseline",
        "TenantBaseline",
        "Prod"
      ],
      "Enabled": true
    }
  ]
}