Skip to content

[Update] Valet Key#538

Open
v-federicoar wants to merge 1 commit into
mspnp:mainfrom
v-federicoar:refresh/valet-key
Open

[Update] Valet Key#538
v-federicoar wants to merge 1 commit into
mspnp:mainfrom
v-federicoar:refresh/valet-key

Conversation

@v-federicoar

Copy link
Copy Markdown
Contributor

Summary

This PR reviews the valet-key sample to ensure it is current and secure. No code changes are made; the sample is already aligned with best practices for user-delegated SAS token generation.

What was reviewed

  • FileServices.cs: User delegation SAS token generation using GetUserDelegationKeyAsync()
  • ValetKey.Client/Program.cs: Client consumption of SAS tokens for secure blob upload
  • Bicep infrastructure: Storage account configuration, RBAC role assignments, and diagnostic logging
  • Dependencies: All packages at current stable versions

Security alert validation

A GitHub secret scanning alert flagged a hardcoded storage account key (Password #2) in historical commits. This alert was validated as resolved:

  • Current code status: The sample no longer uses any hardcoded storage account keys.
  • User delegation approach: The implementation already follows the secure pattern described in the docs — SAS tokens are signed with Microsoft Entra ID credentials via UserDelegationKey, not account keys.
  • Storage account configuration: Bicep sets allowSharedKeyAccess: false, enforcing that only managed identity and user delegation can authenticate.
  • Historical context: The flagged key appears in commits 44a16d7 (update valuescontroller) and cc8e0d2 (Update ValetKey to Track 2), dating from the legacy codebase refactor to isolated worker model.

Validation

  • ✅ Code review completed
  • ✅ No breaking changes to existing API
  • ✅ Sample flow remains: client → API → SAS token → upload
  • ✅ Security alert resolved and documented

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR performs a dependency maintenance pass on the valet-key cloud design pattern sample, bumping two version references to their current stable releases. It also includes a trailing whitespace cleanup in the README. No functional or logic changes are made.

Changes:

  • Bumps Microsoft.Azure.Functions.Worker NuGet package from 2.51.0 to 2.52.0
  • Updates the Azure Storage Accounts Bicep API version from 2025-06-01 to 2026-04-01
  • Removes trailing whitespace on one line in README.md

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated no comments.

File Description
valet-key/ValetKey.Web/ValetKey.Web.csproj Bumps Microsoft.Azure.Functions.Worker to 2.52.0
valet-key/README.md Trailing whitespace removal on line 9 (no content change)
valet-key/bicep/main.bicep Updates Storage Accounts API version to 2026-04-01

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@v-federicoar v-federicoar requested a review from johndowns June 18, 2026 17:31
@v-federicoar v-federicoar marked this pull request as ready for review June 18, 2026 17:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants