Session

Protecting Your Secrets using Azure Key Vault, Azure App Configuration, GitHub, and C# MVC

Your team has been working well for a long time, but developers keep checking in the connection strings to Azure services (like SQL Databases and Storage). You know that once a secret is checked in it should be considered compromised, so you've built a robust rotation strategy and you are ready to move forward. But you want to solve the real problem, which is preventing the team from checking in (and even knowing) what your secrets are. Another problem you have noticed is that Application Insights and your users are logging sensitive information that needs to be sanitized.

In this session you will learn how to get notifications when users have checked in secrets, using GitHub and third-party tools. You'll also see how to leverage secrets in your code without having to know the secrets, both locally and in Azure, via Azure Key Vault.

You will then learn how to place secrets that need to be shared in Azure App Configuration and use them from both your local and Azure environments.

To complete the journey, you will learn how to capture output before it is committed to your logs (or Application Insights), with a few simple code changes that make sure sensitive information is sanitized before being permanently recorded.

This talk also has a backing repo with step-by-step instructions: https://github.com/AzureCloudWorkshops/ACW_ProtectingYourApplicationSecrets

Brian Gorman

Microsoft Azure MVP, Speaker, Author, Trainer, and .NET Developer

Waterloo, Iowa, United States
