{"id":"azure-workload-isolation-network-to-secrets","text":"End-to-end workload isolation from infrastructure network layer through secrets delivery is achievable independently of compute substrate: the zero-trust infrastructure stack (default-deny LB + NSG filtering) extends via Private Link to PaaS boundaries, and both AKS and App Service inject secrets through the same Key Vault + managed identity stack operating within that isolation boundary — creating a continuous isolation chain from network edge to application runtime.","truth_value":"OUT","source":"","source_url":"","source_hash":"","justifications":[],"dependents":[],"metadata":{"_retracted":true},"explanation":{"steps":[{"node":"azure-workload-isolation-network-to-secrets","truth_value":"OUT","reason":"retracted premise"}]}}