Morioh
Login
Justyn Ortiz

Justyn Ortiz

3 years ago

As the adoption of cloud technologies increases day by day, companies are enhancing their web applications by using the varied services provided by different cloud providers. Security is an important step while developing any application. In this article, I am going to provide the details of one such Azure service that helps safely store your application configuration secrets – Azure Key Vault. I’ll go through what Azure Key Vault is and how you can use it to store application secrets securely.

While developing applications, you might have seen scenarios where you need to provide connection strings to resources such as databases or cache. As a developer, you might be quite aware that these values are being put into the configuration files (i.e., web.config) of the application. These values are further used by the application to establish connections and communicate with the resources. This may be seen as one of the security issues as the connection strings might be accidentally visible to unauthorized individuals. This is one of the security threats for the Production database information. Azure Key Vault can come to the rescue here so that the crucial information is saved on the Azure cloud with more secured role-based authorization and access control policies. The next section explains the Azure Key Vault in more detail.

Azure Key Vault

As the name suggests, Azure Key Vault is used to store and manage keys securely. Key Vault can be used to store the cryptographic secrets and keys such as authentication keys, storage account keys, data encryption keys, passwords and certificates.

Azure Key Vault enables developers to create the keys for development and testing in minutes, and they can further migrate this setup seamlessly onto the production environment.

The centralized key store/vault can be securely managed by the Key Vault owner who manages permissions to this key store and would be responsible for keeping the secrets secure.

Sensitive Date Categories

Keys: These are the cryptographic keys which are most often used by other Azure services. For example, say you want to write data to Azure Storage, and you want to encrypt it. Such highly sensitive encryption codes can be stored as the keys.

Secrets: These include sensitive information that application might need during the run time such as SQL database connection strings and other connections string such as Azure Storage, Redis Cache, etc. that the application is using.

Certificates: The certificates that are used for HTTP/SSL communication is a good example. These certificates consist of private and public keys, and such values should be stored securely.

Benefits of Azure Key Vault

  • Reduces the need for deployments if there is a change in resource’s configuration. The main reason for this is that access keys/secrets are stored in Azure Key Vault and not in web.config, so there is no need for redeploying web.config. Just update the value in Azure Key Vault, and your application is ready to use it.
  • Securely manage application key/secrets by enforcing role-based access policies.
  • Reduce latency in accessing the keys by making use of the Azure Cloud Global redundancy feature. This makes sure your application keys are accessible at all times.
  • Applications have no direct access to keys. This ensures the secrets are not passed on to a person who has no permissions to the respective resources.
  • Helps to create and export keys in no time.

Take a look at how you can store application secrets in Azure Key Vault and use them to build applications.

Setup in Azure

The application demonstrated here is a simple console application that fetches an image from Azure blob storage and downloads it to the local folder specified in the application. Since the app must grab the image from the Azure storage blob, it must establish a secure connection. Typically, this connection string is stored in the config file of the application; however, this example makes use of Azure Key Vault to store this connection string value. The essential components needed for this application are

  • Azure Blob Container Storage with a file to download.
  • Azure Key Vault with a storage account connection string stored in a secret.
  • Application registered on the Azure Active Directory that provides the ClientId and ClientSecret to access the key vault.

Setting up Azure Storage container

  • The first step is to log in to the Azure Portal. For this, you would need an Azure Subscription.
  • Create an Azure storage account for Blob Storage first if you don’t want to use an existing one. Navigate to Storage Accounts by typing in the search section. Click Add and fill in the necessary information such as Storage account name, subscription, and resource group. I have created an account with the name quickuploadappstorage. You may want to create it and the other services in a new Resource Group, so it’s easy to delete everything once you are done with the example.

2020-07-13_19-00-02_AzureSTorage

#.net development #homepage #security and compliance #sql data catalog #security

Securing Web Application Secrets Through Azure Key Vault

red-gate.com

Securing Web Application Secrets Through Azure Key Vault

Azure Key Vault is a service for storing securely certificates, credentials, connection strings, and more. In this article, Rishit Mishra walks through how to use the service to secure a connection string for an application.

1.35 GEEK