Brian Gorman
Talk
Protecting Your Secrets using Azure Key Vault, Azure App Configuration, GitHub and C# MVC
Speaker's Biography
Brian is a Microsoft Azure MVP and is an experienced speaker, author, trainer, and .NET developer with MCSA: Web App Certification, MCSD: App Builder, and eleven Azure certifications including Azure Developer, Administrator, DevOps, Architect, Data Administrator, Security, IoT, CosmosDB, and a number of Fundamentals certifications, and has been an MCT since April of 2019. Brian has a master of science degree in computer information systems and a bachelor of science degree in computer science. Additionally, Brian has around fifteen years of experience instructing college courses online in computer science, SQL databases, object-oriented programming in C#, VB.NET, and Java, and Microsoft Office. Brian has created many online technical training courses that can be found on various platforms. Brian has also published multiple books with Apress, including 'Practical Entity Framework' and the second edition 'Practical Entity Framework Core 6'. Brian's latest book, Developing Solutions for Microsoft Azure Certification Companion: Hands-on Preparation and Practice for Exam AZ-204, was released in May of 2023.
Talk Abstract
Your team has been working well for a long time, but developers keep checking in the connection strings to Azure services (like SQL Databases and Storage). You know that once you check in a secret it should be considered compromised, so you've built a robust rotation strategy and you are ready to move forward. But you want to solve the real problem, which is preventing the team from checking in (and even knowing) what your secrets are. Another problem that you noticed is that Application Insights and your users are logging sensitive information that needs to be sanitized.
In this session you will learn how to get notifications when users have checked in secrets using GitHub and third-party tools. You'll also see how to leverage secrets in your code without having to know the secrets, both locally and in Azure, via Azure Key Vault.
You will then learn how to leverage secrets that need to be shared to Azure App Configuration and have the ability to use them from your local and Azure environments.
To complete the journey, you will then learn how to capture output before committing it to your logs (or Application Insights) with a few simple code changes, to make sure that sensitive information is sanitized before being permanently recorded.