Securing with Secrets
Compliant Development Process
Configuration is an important aspect of determining an application’s behavior. Settings files often include sensitive information like passwords and API keys. In this course, we will look at how to protect that sensitive information while the app is being developed and when it is in production.
Azure’s App Configuration Service allows you to manage access to settings data, and we will see how to use it within a .NET application. We will look at using Azure Key Vault in conjunction with App Configuration Service, and how to access Azure Key Vault directly from your application and from apps running in a container within a Kubernetes cluster.
Next, we look at the idea of shifting security testing left within your development process, and how we can automate security testing as part of implementing a compliant development process. Much of this will involve using extensions from the Azure marketplace within your DevOps build pipeline.
This course contains numerous demonstrations from the Azure platform so that you can get a first-hand look at the topics we will be covering. If you have any feedback relating to this course, please contact us at firstname.lastname@example.org.
Learning Objectives
- Learn about app configuration
- Run and deploy apps with the Azure App Configuration service
- Use Azure Key Vault to store secrets and certificates
- Access Key Vault directly from your apps, including those running within a Kubernetes cluster
- Create a compliant development process by integrating code analyzers, branch policies, quality gates, open-source library scanning, and automated penetration testing into a build pipeline
Intended Audience
- Intermediate-level developers, DevOps engineers, and product managers
- Anyone interested in learning how to implement secure app configurations and development pipelines
Prerequisites
To get the most out of this course, you should have some pre-existing knowledge of software development and of using Microsoft Azure.
Let's look at how we can add secrets to our app settings and configuration. I'll go into my howconfigkeyvault, and we can see I already have a secret set up there called supersecret. Because I'm using managed identity, I need to give Key Vault access to my app. I'll do that by going into access policies and clicking add access policy. In add access policy, I'll select a secret management template, which defaults to all non-privileged operations. Selecting a secrets template doesn't exclude you from selecting operations on keys or certificates.
Next I'll select the howatconfig principal. Then in terms of secret permissions, I'll get rid of everything that's not just a read or list permission. And add that access policy and save. I've got to say, this saving after adding is a bit clunky and I've forgotten to do it more than once. I mean, I've selected it, I've added it, it appears in the policy list, but wait, there's more. Anyway, now going back to my configuration instance. I will need to add a key to my settings. That will be a Key Vault reference key. I'll give that a name and make it part of mydemo@namespace, and I'll select my Key Vault and my secret and create the key.
Now, back in the app, we need to configure access to the Key Vault. And that is just done by adding a configure key vault with set credentials and using the currently available credentials. Now over at the controller, I just need to access that setting which is a string saying demo app and config secret. No, not, that won't do. It should be demo app. Okay. I just need another div to display the secret. Let's publish that and see what it looks like. And there we have my secret revealed.
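The app-side wiring described in the walkthrough above, as an added example that is not the instructor's code or the course's project: it connects to App Configuration with the app's identity, lets the provider resolve Key Vault reference keys with that same identity, and, unlike the demo page, reports only whether the secret loaded instead of rendering it. The environment variable APPCONFIG_ENDPOINT, the DemoApp: key prefix, the key name DemoApp:ConfigSecret and the /config-check route are assumptions made for illustration.

```csharp
// Program.cs for an ASP.NET Core app (.NET 6+ minimal hosting, implicit usings on).
// Added example, not the course's code.
// NuGet: Microsoft.Extensions.Configuration.AzureAppConfiguration, Azure.Identity
using Azure.Identity;

var builder = WebApplication.CreateBuilder(args);

// Assumption: the App Configuration endpoint comes from an environment variable
// named APPCONFIG_ENDPOINT (hypothetical name), so no connection string or
// access key sits in source control or settings files.
var endpoint = builder.Configuration["APPCONFIG_ENDPOINT"]
    ?? throw new InvalidOperationException("APPCONFIG_ENDPOINT is not set.");

// Managed identity when deployed to Azure; developer sign-in when run locally.
var credential = new DefaultAzureCredential();

builder.Configuration.AddAzureAppConfiguration(options =>
{
    options.Connect(new Uri(endpoint), credential)
           // Load only this app's keys (assumed "DemoApp:" prefix).
           .Select("DemoApp:*")
           // Key Vault reference keys are resolved with the same identity. The
           // access policy from the walkthrough leaves it read and list on secrets.
           .ConfigureKeyVault(kv => kv.SetCredential(credential));
});

var app = builder.Build();

// Assumed name of the Key Vault reference key created in App Configuration.
const string SecretKey = "DemoApp:ConfigSecret";

// Stop at startup if the key is missing or empty, so a misconfigured
// reference or access policy is caught before the app serves traffic.
if (string.IsNullOrEmpty(app.Configuration[SecretKey]))
    throw new InvalidOperationException($"{SecretKey} is missing or empty.");

// Report only that the secret loaded, never its value.
app.MapGet("/config-check", (IConfiguration config) =>
    Results.Ok(new { secretLoaded = !string.IsNullOrEmpty(config[SecretKey]) }));

app.Run();
```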
Hallam is a software architect with over 20 years' experience across a wide range of industries. He began his software career as a Delphi/Interbase disciple but changed his allegiance to Microsoft with its deep and broad ecosystem. While Hallam has designed and crafted custom software utilizing web, mobile and desktop technologies, he holds that good-quality, reliable data is the key to a successful solution. The challenge of quickly turning data into useful information for digestion by humans and machines has led Hallam to specialize in database design and process automation. Showing customers how to leverage new technology to change and improve their business processes is one of the key drivers keeping Hallam coming back to the keyboard.