1609127400
Secret Store CSI Driver for Azure Key Vault
Learn how to secure secrets in Kubernetes / AKS using Secret Store CSI Driver for Azure Key Vault.
Project: https://github.com/Azure/secrets-store-csi-driver-provider-azure/
#azure
What is GEEK
Buddha Community
1591268870
Use Azure Key Vault for Secrets in Azure DevOps Pipelines
This blog shows how Azure Key Vault can be used in an Azure DevOps Pipeline build. By using Azure Key Vault to handle all your secrets or certificates, no secrets need to be saved to code, files, or other storage for the initial secrets required in a solution.
#azure #devops #azure cli #azure key vault #key vault
1602776460
Implement Azure AD Client credentials flow using Client Certificates for service APIs
This post shows how to implement an Azure client credential flows to access an API for a service-to-service connection. No user is involved in this flow. A client certificate (Private Key JWT authentication) is used to get the access token and the token is used to access the API which is then used and validated in the API. Azure Key Vault is used to create and provide the client certificate.
Code: https://github.com/damienbod/AzureADAuthRazorUiServiceApiCertificate
Create a client certificate in Azure Key Vault
A self signed certificate with a key size of at least 2048 and key type RSA is used to validate the client requesting the access token. In your Azure Vault create a new certificate.
Download the .cer file which contains the public key. This will be uploaded to the Azure App Registration.
Setup the Azure App Registration for the Service API
A new Azure App Registration can be created for the Service API. This API will use a client certificate to request access tokens. The public key of the certificate needs to be added to the registration. In the Certificates & Secrets, upload the .cer file which was downloaded from the Key Vault.
No user is involved in the client credentials flow. In Azure, scopes cannot be used because consent is required to use scopes (Azure specific). Two roles are added to the access token for the application access and these roles can then be validated in the API. Open the **Manifest **and update the “appRoles” to include the required roles. The **allowedMemberTypes **should be Application.
#app service #asp.net core #aspnet5 #azure key vault #7523 #azpacr #azure #azure app registration #client credentials #jwt #key vault #microsoft.identity.client #microsoft.identity.web #oauth #oauth2 #private key jwt authentication #rfc7523
1591856612
How to Retrieve Connection Strings in Azure Key Vault from ASP.NET
Configuration builders are mechanisms to retrieve connection strings from external sources. Using configuration builders, you may not have to do much coding besides installing packages and providing XML configurations for connecting to popular sources. In this post, I share with you my experience in using configuration builders for .NET to securely retrieve connection strings from an azure key vault. I’ll go over the setup and share some of the issues I face while integrating my app with azure key vault
#azure-devops #azure #aspnet #azure-key-vault #connection-string
1602964260
50+ Useful Kubernetes Tools for 2020 - Part 2
Introduction
Last year, we provided a list of Kubernetes tools that proved so popular we have decided to curate another list of some useful additions for working with the platform—among which are many tools that we personally use here at Caylent. Check out the original tools list here in case you missed it.
According to a recent survey done by Stackrox, the dominance Kubernetes enjoys in the market continues to be reinforced, with 86% of respondents using it for container orchestration.
And as you can see below, more and more companies are jumping into containerization for their apps. If you’re among them, here are some tools to aid you going forward as Kubernetes continues its rapid growth.
#blog #tools #amazon elastic kubernetes service #application security #aws kms #botkube #caylent #cli #container monitoring #container orchestration tools #container security #containers #continuous delivery #continuous deployment #continuous integration #contour #developers #development #developments #draft #eksctl #firewall #gcp #github #harbor #helm #helm charts #helm-2to3 #helm-aws-secret-plugin #helm-docs #helm-operator-get-started #helm-secrets #iam #json #k-rail #k3s #k3sup #k8s #keel.sh #keycloak #kiali #kiam #klum #knative #krew #ksniff #kube #kube-prod-runtime #kube-ps1 #kube-scan #kube-state-metrics #kube2iam #kubeapps #kubebuilder #kubeconfig #kubectl #kubectl-aws-secrets #kubefwd #kubernetes #kubernetes command line tool #kubernetes configuration #kubernetes deployment #kubernetes in development #kubernetes in production #kubernetes ingress #kubernetes interfaces #kubernetes monitoring #kubernetes networking #kubernetes observability #kubernetes plugins #kubernetes secrets #kubernetes security #kubernetes security best practices #kubernetes security vendors #kubernetes service discovery #kubernetic #kubesec #kubeterminal #kubeval #kudo #kuma #microsoft azure key vault #mozilla sops #octant #octarine #open source #palo alto kubernetes security #permission-manager #pgp #rafay #rakess #rancher #rook #secrets operations #serverless function #service mesh #shell-operator #snyk #snyk container #sonobuoy #strongdm #tcpdump #tenkai #testing #tigera #tilt #vert.x #wireshark #yaml
1593285540
How to use Azure Functions and secure configuration with Azure Key Vault
In this edition of Azure Tips and Tricks, you’ll learn how to use secure configuration for Azure Functions with Azure Key Vault. For more tips and tricks, vi
#azure #functions #key #vault