Download to read offline
Uploaded byRick van den Bosch
Configuration in azure done right
This document provides an overview of configuration options in Azure, including application settings, App Configuration, Key Vault, and Managed Identities for Azure Resources. It begins with an introduction to configuration and then discusses each option in more detail, providing demos of application settings, App Configuration, and Key Vault. The document emphasizes that these tools can help centralize and secure configuration across environments while simplifying administration.
More Related Content
Similar to Configuration in azure done right
![[Toroman/Kranjac] Red Team vs. Blue Team in Microsoft Cloud](https://cdn.slidesharecdn.com/ss_thumbnails/fs0fswrr36f3q9puu3u6-signature-d4523b3bf020616e67040d2a940ba8bf9aeab187b20da49956548f98de22ea12-poli-180606121949-thumbnail.jpg?width=640&height=640&fit=bounds)
Configuration in azure done right
- 1.
- 2. Rick van denBosch @rickvdbosch rickvandenbosch.net rickvdbosch@outlook.com
- 3. Agenda • Introduction • ApplicationSettings • App Configuration • Key Vault • Managed Identities for Azure Resources • Closing
- 4.
- 5. What is configuration? “Configurationfiles are files used to configure the parameters and initial settings for some computer programs.”
- 6.
- 7.
- 8.
- 9. Application Settings • Variablespassed as environment variables to the application code • ASP.NET (Core): • like <appSettings> in web.config or appsettings.json • values override the ones in web.config or appsettings.json • DEV settings in web.config or appsettings.json, PRD values in App Settings • Encrypted-at-rest • Hidden by default • Bulk edit
- 10.
- 11.
- 12. App Configuration Universal, fullymanaged configuration store Fast retrieval of configurations for any Azure application Complete data encryption, at rest or in transit Native integration with popular frameworks such as .NET and Java Spring
- 13. Reduce configuration complexityacross multiple environments
- 14. Improve security byseparating configuration from code
- 15.
- 16.
- 17. Key Vault • SecretsManagement • Key Management • Certificate Management • Store secrets backed by Hardware Security Modules
- 18. Why use KeyVault? • Centralize application secrets • Securely store secrets and keys • Monitor access and use • Simplified administration of application secrets • Integrate with other Azure services
- 19. Key Vault • Toolfor securely storing and accessing secrets • A vault is a logical group of secrets • Authentication needed 1. Service principal and secret 2. Service principal and certificate 3. Managed Identity
- 20.
- 21.
- 22. Managed Identities forAzure Resources • Provide Azure services with a managed identity in Azure AD • Use the identity to authenticate to any service (that supports Azure AD authentication)
- 23. Supporting services –Managed Identity “We are in the process of integrating managed identities for Azure resources and Azure AD authentication across Azure.” • Azure Virtual Machines • Azure Virtual Machine Scale Sets • Azure App Service • Azure Blueprints • Azure Functions • Azure Logic Apps • Azure Data Factory V2 • Azure API Management • Azure Container Instances • Azure Container Registry Task
- 24. Supporting services –Azure AD Auth. “We are in the process of integrating managed identities for Azure resources and Azure AD authentication across Azure.” • Azure Resource Manager • Azure Key Vault • Azure Data Lake • Azure SQL • Azure Event Hub • Azure Service Bus • Azure Storage blobs and queues • Azure Analysis Services
- 25.
- 26.
- 27.
- 28.
Editor's Notes
- #6 Things like settings how an application works, e-mail addresses to send email from or connection strings to resources like databases.
- #18 Tokens, passwords, certificates, API keys, and other secrets Encryption keys Certificates! The secrets and keys can be protected either by software or FIPS 140-2 Level 2 validated HSMs
- #20 Secret: rotation Certificate: rotation Managed Identity