Hi Maya,
The issues relate to the storage and management of sensitive information, specifically cleartext cloud keys and an exposed private key. These vulnerabilities pose significant security risks, including the potential for unauthorized access and compromise of secure connections.
Luckily Azure has the services you need to remidiate all your problems. I recommend implementing an approved secret management solution, such as Azure Key Vault, to securely store and manage the cloud keys. Azure Key Vault provides a secure and centralized location for storing secrets, including cloud keys, with robust access controls and encryption.
Additionally, the exposed private key stored in cleartext requires immediate attention. I suggest removing the exposed private key and replacing it with a new private key. To obtain a new wildcard domain certificate, you can consider using Azure App Service or Azure Kubernetes Service (AKS) for hosting your applications. These services provide built-in certificate management capabilities and integration with Azure Key Vault for securely storing and retrieving certificates.
To remediate the vulnerabilities, I recommend the following steps:
- Implement Azure Key Vault to securely store and manage cloud keys.
- Generate new cloud keys and update the configurations of affected applications and services to use the keys stored in Azure Key Vault.
- Remove the exposed private key and replace it with a new private key generated through Azure Key Vault or a trusted certificate authority.
- Obtain a new wildcard domain certificate through Azure App Service or AKS, utilizing Azure Key Vault for secure certificate storage.
- Follow best practices for secure key management, including regular key rotation and restricted access controls.
Hope this helps!
** Please do not forget to "Accept the answer” and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.