Securing with Secrets
Compliant Development Process
Configuration is an important aspect of determining an application’s behavior. Settings files often include sensitive information like passwords and API keys. In this course, we will look at how to protect that sensitive information while the app is being developed and when it is in production.
Azure’s App Configuration Service allows you to manage access to settings data, and we will see how to use it within a .NET application. We will look at using Azure Key Vault in conjunction with App Configuration Service, and how to access Azure Key Vault directly from your application and from apps running in a container within a Kubernetes cluster.
Next, we look at the idea of shifting left security testing within your development process, and how we can automate security testing as part of implementing a compliant development process. Much of this will involve using extensions from the Azure marketplace within your DevOps build pipeline.
This course contains numerous demonstrations from the Azure platform so that you can get a first-hand look at the topics we will be covering. If you have any feedback relating to this course, please contact us at email@example.com.
- Learn about app configuration
- Run and deploy apps with the Azure App Configuration service
- Use Azure Key Vault to store secrets and certificates
- Access Key Vault directly from your apps, including those running within a Kubernetes cluster
- Create a compliant development process by integrating code analyzers, branch policies, quality gates, open-source library scanning, and automated penetration testing into a build pipeline
- Intermediate-level developers, DevOps engineers, and product managers
- Anyone interested in learning how to implement secure app configurations and development pipelines
To get the most out of this course, you should have some pre-existing knowledge of software development and of using Microsoft Azure.
Feature flags are an important tool in the DevOps kit bag. They allow code to be released where not all functionality has been fully finished. App Configuration allows you to set up and manage feature flags. I'm gonna set up a feature flag to turn on and off access to a new order feature.
First, let's set up the flag in the portal by going into Feature manager under Operations in App Configuration and clicking Add. I'll give it a name of orders feature, no label and a description. By default, the new feature flag is turned off. If I go back into Configuration explorer, I can see the flag has been added as a setting. Clicking the ellipsis and selecting view key-value data displays the raw flag data, including any dynamic conditions.
Back in Visual Studio, I need to add the FeatureManagement.AspNetCore NuGet package and make some adjustments to program.cs. First off, I need to add UseFeatureFlags to the AddAzureAppConfiguration options. Because the feature flag has no label, I need to add another filter condition to also include settings where the label is null. In startup, I need to add feature management to services.
Next, I'll create an AppFeature enumerated type with an OrdersFeature flag and add the FeatureGate decorator with the OrdersFeature flag to the index method of the orders controller. This will also involve adding FeatureManagement to the using statements. In view imports, I'll add a FeatureManagement tag helper. Having done this I can now add the orders menu item to the navbar wrapped in a feature tag.
Okay, let's take a breath and run it. As expected, no order menu item is visible and if I type the orders path directly into the address bar, still no joy. I'll go back to App Configuration and enable the orders feature flag and re-run the app. This is necessary to reload the settings on app start up. There we have the order menu item and if I click on it we go through to the orders page. Also I can now go directly to the orders page with the URL path.
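The steps described above, assembled into one file as an added example (not the course's own code). It assumes the .NET 6+ minimal hosting model rather than the separate Program.cs and Startup classes used in the demo, a connection string named `AppConfig` supplied from user secrets or the environment, and a flag whose key is `OrdersFeature`; the controller attribute is what blocks the direct URL, while the tag helper only hides the menu item.

```csharp
// Program.cs - requires the Microsoft.FeatureManagement.AspNetCore and
// Microsoft.Extensions.Configuration.AzureAppConfiguration NuGet packages.
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Configuration.AzureAppConfiguration;
using Microsoft.FeatureManagement;
using Microsoft.FeatureManagement.Mvc;

var builder = WebApplication.CreateBuilder(args);

// Assumption: the connection string is named "AppConfig" and comes from
// user secrets or an environment variable, never from a committed file.
var connection = builder.Configuration.GetConnectionString("AppConfig")
    ?? throw new InvalidOperationException("ConnectionStrings:AppConfig is not set.");

builder.Configuration.AddAzureAppConfiguration(options =>
    options.Connect(connection)
           // Also load settings that carry no label (the flag was created without one).
           .Select(KeyFilter.Any, LabelFilter.Null)
           // Load feature flags alongside ordinary key-values.
           .UseFeatureFlags());

builder.Services.AddControllersWithViews();
builder.Services.AddFeatureManagement();   // registers the feature manager used by the gate

var app = builder.Build();
app.UseStaticFiles();
app.UseRouting();
app.MapDefaultControllerRoute();
app.Run();

// Enum member name must match the flag key in App Configuration (assumed: OrdersFeature).
public enum AppFeature { OrdersFeature }

public class OrdersController : Controller
{
    // Server-side enforcement: while the flag is off, the default handler
    // answers 404 even when the /Orders path is typed in directly.
    [FeatureGate(AppFeature.OrdersFeature)]
    public IActionResult Index() => View();
}

// Views/_ViewImports.cshtml:
//   @addTagHelper *, Microsoft.FeatureManagement.AspNetCore
//
// Views/Shared/_Layout.cshtml (navbar): UI hiding only, not access control.
//   <feature name="OrdersFeature">
//     <a class="nav-link" asp-controller="Orders" asp-action="Index">Orders</a>
//   </feature>
```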
Hallam is a software architect with over 20 years' experience across a wide range of industries. He began his software career as a Delphi/Interbase disciple but changed his allegiance to Microsoft with its deep and broad ecosystem. While Hallam has designed and crafted custom software utilizing web, mobile and desktop technologies, good quality reliable data is the key to a successful solution. The challenge of quickly turning data into useful information for digestion by humans and machines has led Hallam to specialize in database design and process automation. Showing customers how to leverage new technology to change and improve their business processes is one of the key drivers keeping Hallam coming back to the keyboard.