Securing with Secrets
Compliant Development Process
The course is part of this learning path
Configuration is an important aspect of determining an application’s behavior. Settings files often include sensitive information like passwords and API keys. In this course, we will look at how to protect that sensitive information while the app is being developed and when it is in production.
Azure’s App Configuration Service allows you to manage access to settings data and we will see how to use it within a .Net application. We will look at using Azure Key Vault in conjunction with App Configuration Service, and how to access Azure Key Vault directly from your application and from apps running in a container within a Kubernetes cluster.
Next, we look at the idea of shifting left security testing within your development process, and how we can automate security testing as part of implementing a compliant development process. Much of this will involve using extensions from the Azure marketplace within your DevOps build pipeline.
This course contains numerous demonstrations from the Azure platform so that you can get a first-hand look at the topics we will be covering. If you have any feedback relating to this course, please contact us at firstname.lastname@example.org.
- Learn about app configuration
- Run and deploy apps with the Azure App Configuration service
- Use Azure Key Vault to store secrets and certificates
- Access Key Vault directly from your apps, including those running within a Kubernetes cluster
- Create a compliant development process by integrating code analyzers, branch policies, quality gates, open-source library scanning, and automated penetration into a build pipeline
- Intermediate-level developers, DevOps engineers, and product managers
- Anyone interested in learning how to implement secure app configurations and development pipelines
To get the most out of this course, you should have some pre-existing knowledge of software development and of using Microsoft Azure.
So far we've talked about App Configuration in terms of released products, but you can use it elsewhere, like within your DevOps pipeline. So if you're using your App Configuration as a central settings repository, but you need to incorporate it into some kind of static settings, because you have an application that may not be connected, or maybe it needs settings before connections are fully established, you can export your settings from App Configuration. Here, I'm just going to show you how you can use a pipeline within Azure DevOps to access your app settings from App Configuration and export it into a file.
So we'll just make up a pipeline here and just for the sake of demonstration, I'm going to connect to my app settings with an inline script, and we're going to use the AZ app config key-value export command in our PowerShell script. And then I'm going to publish that artifact so we can have a look at it. I'll just add the publish build artifacts task. Having done that, let's just save and run the script. I don't want to commit this to the master, so I'll just create a new branch and save and run.
So now we go and have a look at the job. Here we can see it running. Obviously I didn't need to check out my code for this demonstration. Logging on using the Azure CLI does take a little while. Okay, the job's now finished. So let's go back to the pipeline summary and we'll have a look at what's being produced here in terms of exporting the settings.
If I download this file, have a look at it inside Visual Studio, we can see that is exactly what we uploaded to the App Configuration. Not only can you use Azure CLI, but there is also an App Configuration extension that you can incorporate into your Azure DevOps. I'm just going to go to the marketplace and we'll search for App Configuration. Okay, there it is, and it's free. So I'll just install that.
Now that's done, I'll go back to Azure DevOps. Now, what I'm going to do here is I'm just going to change the pipeline and show you how to use the App Configuration extension to access my settings. So I'll search for the App Configuration task and I'm going to set up my connection to my subscription. I'll select my instance from the dropdown list, and I'm also going to specify the key filter for just getting the settings of my demo app.
Now that we've got the connection, I'm going to grab the settings. I'm just going to use a PowerShell script task to print out one of the settings and display it in the command line. Just use a simple echo command here. So it's an inline script and I'm just going to echo out the background color. As you can see, the App Configuration extension makes settings available as pipeline variables. Now add the PowerShell task and let's save and run. Right, now that's finished let's go to our PowerShell task and here we can see the light green has been printed out from our configuration settings.
Hallam is a software architect with over 20 years experience across a wide range of industries. He began his software career as a Delphi/Interbase disciple but changed his allegiance to Microsoft with its deep and broad ecosystem. While Hallam has designed and crafted custom software utilizing web, mobile and desktop technologies, good quality reliable data is the key to a successful solution. The challenge of quickly turning data into useful information for digestion by humans and machines has led Hallam to specialize in database design and process automation. Showing customers how leverage new technology to change and improve their business processes is one of the key drivers keeping Hallam coming back to the keyboard.