Nowadays, we are familiar with the need of having secrets in our applications that have many different pieces of software interacting with each other. 
Kubernetes is an open source system that helps you manage containerized applications across multiple hosts. Azure Key Vault is a cloud service you can use to store secrets, but how do you authenticate to it when your container is inside a Kubernetes cluster? Should you use an authentication token or username and password? Is there a better solution?

On this session, I'll show you how you can build a secure Web API that will read application secrets from Azure Key Vault, on a container inside a Kubernetes cluster, and how you can use Azure Active Directory Managed Identities to simplify the way APIs authenticate to Azure resources, like Azure Key Vault.

The demo application will be a Web API that generates one time passwords. For this I'll use Azure Kubernetes Service (AKS), .NET Core, Azure Key Vault and Azure CosmosDB.