Data protection

User managed service accounts with user-managed keys

Description

User-managed service accounts should not have user-managed keys. User-managed keys are easily leaked through common development malpractices such as checking keys into source code, leaving them in the Downloads directory, or accidentally posting them on support blogs or channels. It is recommended to prevent the use of user-managed service account keys.
  • Recommended Mitigation

    For each user-managed service account, delete all user-managed keys.
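
One way to find the keys this check targets and prepare the mitigation, as an added example that is not part of the original page: it assumes the key inventory was exported with `gcloud iam service-accounts keys list --format=json`, and the sample data and the function names (`parse_key_name`, `user_managed_keys`, `delete_commands`) are constructed for illustration.

```python
import json

# Constructed sample in the shape of `gcloud iam service-accounts keys list
# --format=json` output. Project, account and key IDs are made up.
SA = "projects/example-project/serviceAccounts/"
SAMPLE_KEYS = json.dumps([
    {"name": SA + "ci-deployer@example-project.iam.gserviceaccount.com/keys/1111aaaa",
     "keyType": "USER_MANAGED", "validAfterTime": "2023-01-10T08:00:00Z"},
    {"name": SA + "ci-deployer@example-project.iam.gserviceaccount.com/keys/2222bbbb",
     "keyType": "SYSTEM_MANAGED", "validAfterTime": "2024-05-01T00:00:00Z"},
    {"name": SA + "backup-agent@example-project.iam.gserviceaccount.com/keys/3333cccc",
     "keyType": "USER_MANAGED", "validAfterTime": "2022-07-19T12:30:00Z"},
])


def parse_key_name(name):
    """Split 'projects/P/serviceAccounts/EMAIL/keys/ID' into (P, EMAIL, ID)."""
    parts = name.split("/")
    if len(parts) != 6 or parts[0::2] != ["projects", "serviceAccounts", "keys"]:
        raise ValueError(f"unexpected key resource name: {name!r}")
    return parts[1], parts[3], parts[5]


def user_managed_keys(keys_json):
    """Return one finding per USER_MANAGED key, oldest first."""
    findings = []
    for key in json.loads(keys_json):
        if key.get("keyType") != "USER_MANAGED":
            continue  # SYSTEM_MANAGED keys are held by Google, not by users
        project, account, key_id = parse_key_name(key["name"])
        findings.append({"project": project, "account": account,
                         "key_id": key_id, "created": key.get("validAfterTime", "")})
    return sorted(findings, key=lambda f: f["created"])


def delete_commands(findings):
    """Render the mitigation (delete each user-managed key) as gcloud commands."""
    return [f"gcloud iam service-accounts keys delete {f['key_id']} "
            f"--iam-account={f['account']} --project={f['project']}"
            for f in findings]


if __name__ == "__main__":
    for cmd in delete_commands(user_managed_keys(SAMPLE_KEYS)):
        print(cmd)
```

Review the generated commands before running them, since any workload still authenticating with a listed key will lose access once the key is deleted.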