Brian Gorman

Microsoft Azure MVP, Speaker, Author, Trainer and .NET Developer

Protecting Your Secrets using Azure Key Vault, Azure App Configuration, GitHub and C# MVC

Speaker's Biography

Brian is a Microsoft Azure MVP and is an experienced speaker, author, trainer, and .NET developer with MCSA: Web App Certification, MCSD: App Builder, and eleven Azure certifications including Azure Developer, Administrator, DevOps, Architect, Data Administrator, Security, IoT, CosmosDB, and a number of Fundamentals certifications, and has been an MCT since April of 2019. Brian has a masters of science degree in computer information systems, and a bachelor of science degree in computer science. Additionally, Brian has around fifteen years of experience instructing college courses online in computer science, SQL databases, C#/VB.NET/and Java object-oriented programming, and Microsoft Office. Brian has created many online technical training courses that can be found online on various platforms. Brian has also published multiple books with APress, including 'Practical Entity Framework' and the second edition 'Practical Entity Framework Core 6'. Brian's latest book, Developing Solutions for Microsoft Azure Certification Companion: Hands-on Preparation and Practice for Exam AZ-204 was released in May of 2023.

Talk Abstract

Your team has been working well for a long time, but developers keep checking in the connection strings to Azure Services (like SQL Databases and Storage). You know that once you check in a secret it should be considered compromised so you've built a robust rotation strategy and you are ready to move forward, but you want to solve the real problem, which is preventing the team from checking in (and even knowing) what your secrets are. Another problem that you noticed is that Application Insights and your users are logging sensitive information that needs to be sanitized.

In this session you will learn how to get notifications when users have checked in secrets using GitHub and third-party tools. You'll also see how to leverage secrets in your code without having to know the secrets, both locally and at Azure via the Azure Key Vault.

You will then learn how to leverage secrets that need to be shared to Azure App Configuration and have the ability to use them from your local and Azure environments.

To complete the journey, you will then learn how to capture output before committing to your logs (or app insights) with a few simple code changes to make sure that sensitive information is sanitized before being permanently recorded.

Our Speakers

Adora Nwodo

Senior Software Engineer & Multi-Published Author

Ahmet Faruk Ulu

Software Developer at Volosoft

Alberto Acerbis

Passionate dev, Author, Learner

Alexej Sommer

Lead Software Engineer at Capgemini

Aman Sharma

Senior Software Developer at WAi Technologies

Cecil Phillip

Developer Advocate at Stripe

Dino Esposito

CTO at Crionet

Engincan Veske

Software Engineer at Volosoft. Core team member of ABP Framework.

Ferdinando Santacroce

Uncovering Better Ways of Developing Software and Organizations

Halil Ibrahim Kalkan

Co-Founder of Volosoft

Hannes Lowette

Microsoft MVP, Head of Learning & Development at Axxes

Irina Scurtu

Microsoft MVP, Software Architect at Dsi Solutions

Jamie Taylor

.NET developer at RJJ Software LTD

Jessica Engström

Passionate People Centric Technologist

Jimmy Engström

Microsoft MVP

Johan Smarius

Microsoft MVP on .NET and DevOps, Software Developer at JMAC Software Solutions

Juergen Gutsch

Software Engineer at the YOO AG

Kaushik Gokhale

Senior Software Developer at WAi Technologies

Mitchel Sellers

Founder/CEO/Director of Development at IowaComputerGurus Inc.

Nicola Iarocci

Software Craftsman at CIR 2000

Omkar Choudhari

CTO at WAi Technologies

Rebai Hamida

Microsoft MVP and MCT, Docker Captain, Cloud Solutions Architect, Speaker, Author

Ryan Niño Dizon

Software Development Lead at ISD Feniqs

Sergei Gorlovetsky

CTO at Decision Tree Technology

Shaun Lawrence

Senior Software Engineer working in all things .NET at Tinysoft Ltd

Stefan Pölz

Clean C# Coder – Test-driven .NET Developer

Todd Gardner

CEO and Founder at TrackJS and Request Metrics

Wojciech Krasa

Full Stack Developer at HeadChannel