1
votes

With Azure Service Bus, there are two ways to gain access to the underlying topics/queues. The main way is through Shared access policies, although access can also be granted through the Access control (IAM) pane.

I'm designing a solution which will use an Azure Function with a Managed Service Identity (MSI), which will be granted access to the Service Bus Namespace through IAM (granting the function MSI contributor access).

My issue is that the RootManageSharedAccessKey key in the namespace Shared Access policies remains there. I've tried to delete this key through the Azure portal, and PowerShell, but haven't found a way to remove it, or reduce its permissions.

My question is: Is there a way to remove/disable the RootManageSharedAccessKey?

Answers to questions before they get asked:

  • Corporate security policies don't allow a random root key which never expires to sit around and have access to something which could store confidential information
  • I know I could regenerate the SAS key every X minutes via a function, but this is a bit dirty and hacky

1 Answer

1
votes

You cannot delete that rule and SAS access to Service Bus cannot be turned off.