Signed runbooks for Azure cloud platform worker
Please add support to run only signed Runbooks so that we can be sure that no modifications are made to our runbooks.
It should work not only on Hybrid worker as it is now, but also on Azure cloud platform worker.
We should be able to provide our certificates for signature checks (better via KeyVault integration).
Really good feedback. I passed this on to the Automation team to review and consider for future iterations of the service. Please stay tuned.
Stanley Merkx commented
If this could be integrated with the "Source Control" feature: even better.
Edits committed to the repository, through pull-request, peer-review, etc., should be signed on import using a certificate imported from a configurable keyvault or (mvp) using an automation 'certificate' shared resource.
We can then enforce that runbooks can only be edited from the repository. Any edits done in the portal will invalidate the signature causing the runbook to fail after such an edit.