Mitchell Pronschinske, profile picture
Uploaded byMitchell Pronschinske
1,725 views

Dynamic Azure Credentials for Applications and CI/CD Pipelines

The document details a webinar on dynamic Azure credentials for applications and CI/CD pipelines presented by HashiCorp, highlighting its importance in maintaining security while transitioning to cloud infrastructure. Key topics include Vault's capabilities for managing secrets, the advantages of dynamic credentials, and a demonstration of how to secure CI/CD processes using Terraform. The session also covers benefits like unique application instance credentials, least privilege roles, and the ability to audit and revoke access easily.

Software
Related topics:
Microsoft Azure

Embed presentation

Downloaded 13 times
© 2019 HashiCorp Dynamic Azure Credentials for Applications and CI/CD Pipelines SE Webinar - July 21st, 2020 Kawsar Kamal - Staff Solution Engineer (http://kawsark.gitlab.io) Brianna DeLuca - Sr. Field Marketing Manager
Agenda ● Introductions (Brianna) - 5 ● Vault overview (Kawsar) - 10 ● Demo (Kawsar) - 20 ● Q/A (moderated by Brianna) - 15
Objectives ● Business driver: move to cloud while maintaining high security posture.
A generational transition is underway Traditional datacenter “Static” Modern datacenter “Dynamic” Dedicated infrastructure Private cloud SYSTEMS OF RECORD SYSTEMS OF ENGAGEMENT Public multi-cloud +
The HashiCorp Stack A control plane for every layer of the cloud operating model Run Development Cloud Application Automation Connect Networking Cloud Networking Automation Secure Security Cloud Security Automation Provision Operations Cloud Infrastructure Automation vSphere Various Hardware Identity: AD/LDAP Terraform EKS / ECS Lambda CloudApp/ AppMesh Identity: AWS IAM Cloud Formation AKS / ACS Azure Functions Proprietary Identity: Azure AD Resource Manager GKE Cloud Functions Proprietary Identity: GCP IAM Cloud Deployment Manager
Vault: Manage Secrets and Protect sensitive data *slide from HashiCorp corporate overview High Trust Long-lived IP, clear network perimeter. Low Trust No clear perimeter Mixed identities: Cloud, VMs, Container, Serverless Maintained by HashiCorp Written in Go Cloud agnostic Opensource community
Vault Manage Secrets and Protect sensitive Data Secrets management to centrally store and protect secrets across clouds and applications Data encryption to keep application data secure across environments and workloads Advanced Data Protection to secure workloads and data across traditional systems, clouds, and infrastructure. 300+ Enterprise Customers 1M+ Monthly D/Ls 2T+ Transactions Trusted by:
How Vault works
Azure plugins Dynamically generates Azure service principals along with role and group assignments. Or new password will be dynamically generated for existing service principals. The azure auth method allows authentication against Vault using Azure credentials. Azure Auth Method Azure Secrets Engine
Dynamic credentials
Demo: Dynamic credentials
Terraform Enterprise Demo: Securing CI/CD Pipeline Version Control CI/CD Terraform IaC (*.tf) AKS Workspace
Key benefits ● Azure credentials are unique to each application instance - no password sharing. ● Cloud credentials have least privilege roles to limit blast radius. ● Cloud credentials are time bound so in case of a credential leak, the risk of it being valid is limited. ● Credentials can be audited to check which application instance retrieved a secret. ● Easy to revoke credentials if needed.
Q/A
Resources Demo repository https://gitlab.com/kawsark/vault-azure-demo Azure Secrets Engine https://www.vaultproject.io/docs/secrets/azure Blog post https://medium.com/hashicorp-engineering/onboarding-the-azure-secrets-engine-for-vault-f09d48c68b69?sour ce=friends_link&sk=59acf7d78362a48bf6cb039385776114 Azure Authentication Method https://www.vaultproject.io/docs/auth/azure Webinar Assets This will be emailed Vault 1.4 Blog post https://www.hashicorp.com/blog/vault-1-4/ Deploying Vault in Kubernetes https://www.vaultproject.io/docs/platform/k8s/helm/run Terraform for AKS https://github.com/terraform-providers/terraform-provider-azurerm/tree/master/examples/kubernetes Transform Secrets Engine wrapper https://github.com/kawsark/transform.py

More Related Content

PDF
Demystifying Service Mesh
byMitchell Pronschinske
 
PPTX
Migrating from VMs to Kubernetes using HashiCorp Consul Service on Azure
byMitchell Pronschinske
 
PDF
Multi-Cloud with Nomad and Consul Connect
byMitchell Pronschinske
 
PDF
Migrating to Cloud Native Solutions
byinwin stack
 
PDF
Getting Started with Kubernetes and Consul
byMitchell Pronschinske
 
PDF
Modern application delivery with Consul
byMitchell Pronschinske
 
PPTX
Modernizing Application Deployments with HashiCorp Consul on Microsoft Azure
byMitchell Pronschinske
 
PDF
Cloud Native 下的應用網路設計
byinwin stack
 
Demystifying Service Mesh
byMitchell Pronschinske
 
Migrating from VMs to Kubernetes using HashiCorp Consul Service on Azure
byMitchell Pronschinske
 
Multi-Cloud with Nomad and Consul Connect
byMitchell Pronschinske
 
Migrating to Cloud Native Solutions
byinwin stack
 
Getting Started with Kubernetes and Consul
byMitchell Pronschinske
 
Modern application delivery with Consul
byMitchell Pronschinske
 
Modernizing Application Deployments with HashiCorp Consul on Microsoft Azure
byMitchell Pronschinske
 
Cloud Native 下的應用網路設計
byinwin stack
 

What's hot

PDF
Edge Orchestration & Federated Kubernetes Clusters - Open Networking Summit 2018
byCloudify Community
 
PDF
Understanding Service Mesh on Azure with HashiCorp Consul
byMitchell Pronschinske
 
PDF
Using Google Cloud Services with Spring Boot and Pivotal Cloud Foundry (Pivot...
byVMware Tanzu
 
PDF
運用高效、敏捷全新平台極速落實雲原生開發
byinwin stack
 
PPTX
Building Cloud Native Applications Using Azure Kubernetes Service
byDennis Moon
 
PDF
stackconf 2021 | Stretching the Service Mesh Beyond the Clouds
byNETWAYS
 
PDF
DevSecOps with Confidence
byVMware Tanzu
 
PDF
stackconf 2021 | Reference Architecture for a Cloud Native Digital Enterprise
byNETWAYS
 
PDF
Unlocking the Cloud operating model with GitHub Actions
byMitchell Pronschinske
 
PPTX
Adopting Azure, Cloud Foundry and Microservice Architecture at Merrill Corpor...
byVMware Tanzu
 
PDF
stackconf 2021 | Data Driven Security
byNETWAYS
 
PDF
NGINX Controller: faster deployments, fewer headaches
byKangaroot
 
PDF
Automating security in aws with divvy cloud
byJohn Varghese
 
PDF
Securing APIs for ultimate security and privacy with Azure | Codit Webinar
byCodit
 
PDF
Microservices at Scale: How to Reduce Overhead and Increase Developer Product...
byDevOps.com
 
PPTX
Swarm Computing Next Generation Clouds and the role of SOA
byJürgen Kress
 
PPTX
Cloud Native Demystified: Build Once, Run Anywhere!
byCodit
 
PPTX
Unlocking the Cloud Operating Model: Deployment
byMitchell Pronschinske
 
PPTX
Azure IPaaS: Integration Evolved! (Glenn Colpaert @TechdaysNL 2017)
byCodit
 
PDF
Delivering-Off-The-Shelf Software with Kubernetes- November 12, 2020
byVMware Tanzu
 
Edge Orchestration & Federated Kubernetes Clusters - Open Networking Summit 2018
byCloudify Community
 
Understanding Service Mesh on Azure with HashiCorp Consul
byMitchell Pronschinske
 
Using Google Cloud Services with Spring Boot and Pivotal Cloud Foundry (Pivot...
byVMware Tanzu
 
運用高效、敏捷全新平台極速落實雲原生開發
byinwin stack
 
Building Cloud Native Applications Using Azure Kubernetes Service
byDennis Moon
 
stackconf 2021 | Stretching the Service Mesh Beyond the Clouds
byNETWAYS
 
DevSecOps with Confidence
byVMware Tanzu
 
stackconf 2021 | Reference Architecture for a Cloud Native Digital Enterprise
byNETWAYS
 
Unlocking the Cloud operating model with GitHub Actions
byMitchell Pronschinske
 
Adopting Azure, Cloud Foundry and Microservice Architecture at Merrill Corpor...
byVMware Tanzu
 
stackconf 2021 | Data Driven Security
byNETWAYS
 
NGINX Controller: faster deployments, fewer headaches
byKangaroot
 
Automating security in aws with divvy cloud
byJohn Varghese
 
Securing APIs for ultimate security and privacy with Azure | Codit Webinar
byCodit
 
Microservices at Scale: How to Reduce Overhead and Increase Developer Product...
byDevOps.com
 
Swarm Computing Next Generation Clouds and the role of SOA
byJürgen Kress
 
Cloud Native Demystified: Build Once, Run Anywhere!
byCodit
 
Unlocking the Cloud Operating Model: Deployment
byMitchell Pronschinske
 
Azure IPaaS: Integration Evolved! (Glenn Colpaert @TechdaysNL 2017)
byCodit
 
Delivering-Off-The-Shelf Software with Kubernetes- November 12, 2020
byVMware Tanzu
 

Similar to Dynamic Azure Credentials for Applications and CI/CD Pipelines

PPTX
Hashicorp Chicago HUG - Secure and Automated Workflows in Azure with Vault an...
byStenio Ferreira
 
PPTX
Azure Low Lands 2019 - Building secure cloud applications with Azure Key Vault
byTom Kerkhove
 
PPTX
Intelligent Cloud Conference 2018 - Building secure cloud applications with A...
byTom Kerkhove
 
PPTX
Managing your secrets in a cloud environment
byTaswar Bhatti
 
PPTX
Azure Key Vault - Getting Started
byTaswar Bhatti
 
PPTX
Techdays Finland 2018 - Building secure cloud applications with Azure Key Vault
byTom Kerkhove
 
PPTX
ITProceed 2015 - Securing Sensitive Data with Azure Key Vault
byTom Kerkhove
 
PPTX
Securing Sensitive Data with Azure Key Vault (Tom Kerkhove @ ITProceed)
byCodit
 
PDF
Eliminating Secret Sprawl in the Cloud with HashiCorp Vault - 07.11.2018
byHashiCorp
 
PPTX
Vault Open Source vs Enterprise v2
byStenio Ferreira
 
PPTX
Vault Digital Transformation
byStenio Ferreira
 
PDF
Vault 101
byHazzim Anaya
 
PPTX
AzureSecurity - Day3 - Storage And Key Vault
by2nd Sight Lab
 
PPTX
Zero Credential Development with Managed Identities
byJoonas Westlin
 
PDF
Azure Meetup: Keep your secrets and configurations safe in azure!
bydotnetcode
 
PPTX
Zero Credential Development with Managed Identities for Azure resources
byJoonas Westlin
 
PPTX
Zero credential development with managed identities
byJoonas Westlin
 
PPTX
Zero credential development with managed identities
byJoonas Westlin
 
PDF
Service for Storing Secrets on Microsoft Azure.pdf
byZen Bit Tech
 
PDF
Secretsth-Azure-KeyVault-and-Azure-App.pdf
bys87j3
 
Hashicorp Chicago HUG - Secure and Automated Workflows in Azure with Vault an...
byStenio Ferreira
 
Azure Low Lands 2019 - Building secure cloud applications with Azure Key Vault
byTom Kerkhove
 
Intelligent Cloud Conference 2018 - Building secure cloud applications with A...
byTom Kerkhove
 
Managing your secrets in a cloud environment
byTaswar Bhatti
 
Azure Key Vault - Getting Started
byTaswar Bhatti
 
Techdays Finland 2018 - Building secure cloud applications with Azure Key Vault
byTom Kerkhove
 
ITProceed 2015 - Securing Sensitive Data with Azure Key Vault
byTom Kerkhove
 
Securing Sensitive Data with Azure Key Vault (Tom Kerkhove @ ITProceed)
byCodit
 
Eliminating Secret Sprawl in the Cloud with HashiCorp Vault - 07.11.2018
byHashiCorp
 
Vault Open Source vs Enterprise v2
byStenio Ferreira
 
Vault Digital Transformation
byStenio Ferreira
 
Vault 101
byHazzim Anaya
 
AzureSecurity - Day3 - Storage And Key Vault
by2nd Sight Lab
 
Zero Credential Development with Managed Identities
byJoonas Westlin
 
Azure Meetup: Keep your secrets and configurations safe in azure!
bydotnetcode
 
Zero Credential Development with Managed Identities for Azure resources
byJoonas Westlin
 
Zero credential development with managed identities
byJoonas Westlin
 
Zero credential development with managed identities
byJoonas Westlin
 
Service for Storing Secrets on Microsoft Azure.pdf
byZen Bit Tech
 
Secretsth-Azure-KeyVault-and-Azure-App.pdf
bys87j3
 

More from Mitchell Pronschinske

PDF
Code quality for Terraform
byMitchell Pronschinske
 
PPTX
Empowering developers and operators through Gitlab and HashiCorp
byMitchell Pronschinske
 
PPTX
Automate and simplify multi cloud complexity with f5 and hashi corp
byMitchell Pronschinske
 
PDF
Vault 1.5 Overview
byMitchell Pronschinske
 
PPTX
Using new sentinel features in terraform cloud
byMitchell Pronschinske
 
PDF
Military Edge Computing with Vault and Consul
byMitchell Pronschinske
 
PDF
Vault 1.4 integrated storage overview
byMitchell Pronschinske
 
PDF
Unlocking the Cloud Operating Model
byMitchell Pronschinske
 
PPTX
Cisco ACI with HashiCorp Terraform (APAC)
byMitchell Pronschinske
 
PPTX
Governance for Multiple Teams Sharing a Nomad Cluster
byMitchell Pronschinske
 
PDF
Integrating Terraform and Consul
byMitchell Pronschinske
 
PPTX
Keeping a Secret with HashiCorp Vault
byMitchell Pronschinske
 
PPTX
Modern Scheduling for Modern Applications with Nomad
byMitchell Pronschinske
 
PPTX
Moving to a Microservice World: Leveraging Consul on Azure
byMitchell Pronschinske
 
PPTX
Remote Culture at HashiCorp
byMitchell Pronschinske
 
PPTX
Rapid Infrastructure in Hybrid Environments
byMitchell Pronschinske
 
PDF
Vault 1.4 launch webinar
byMitchell Pronschinske
 
PDF
From Terraform OSS to Enterprise
byMitchell Pronschinske
 
PDF
Intermediate HCL: Configuration Languages in HCL2
byMitchell Pronschinske
 
PDF
Post quantum cryptography in vault (hashi talks 2020)
byMitchell Pronschinske
 
Code quality for Terraform
byMitchell Pronschinske
 
Empowering developers and operators through Gitlab and HashiCorp
byMitchell Pronschinske
 
Automate and simplify multi cloud complexity with f5 and hashi corp
byMitchell Pronschinske
 
Vault 1.5 Overview
byMitchell Pronschinske
 
Using new sentinel features in terraform cloud
byMitchell Pronschinske
 
Military Edge Computing with Vault and Consul
byMitchell Pronschinske
 
Vault 1.4 integrated storage overview
byMitchell Pronschinske
 
Unlocking the Cloud Operating Model
byMitchell Pronschinske
 
Cisco ACI with HashiCorp Terraform (APAC)
byMitchell Pronschinske
 
Governance for Multiple Teams Sharing a Nomad Cluster
byMitchell Pronschinske
 
Integrating Terraform and Consul
byMitchell Pronschinske
 
Keeping a Secret with HashiCorp Vault
byMitchell Pronschinske
 
Modern Scheduling for Modern Applications with Nomad
byMitchell Pronschinske
 
Moving to a Microservice World: Leveraging Consul on Azure
byMitchell Pronschinske
 
Remote Culture at HashiCorp
byMitchell Pronschinske
 
Rapid Infrastructure in Hybrid Environments
byMitchell Pronschinske
 
Vault 1.4 launch webinar
byMitchell Pronschinske
 
From Terraform OSS to Enterprise
byMitchell Pronschinske
 
Intermediate HCL: Configuration Languages in HCL2
byMitchell Pronschinske
 
Post quantum cryptography in vault (hashi talks 2020)
byMitchell Pronschinske
 

Recently uploaded

PDF
Doctor On Call App Development for Digital Healthcare.
byV3CUBE TECHNOLABS
 
PPTX
How CFD Simulations Support Sustainable Data Center Design Optimization
byWeb Synergies
 
PPTX
‘Analyzing Application Logs Using AI’ Webinar
byTier1 app
 
DOCX
A Comprehensive Guide To Buy Verified PayPal Accounts_.docx
bysmartusapva.com
 
PDF
Introduction to Modern Artificial Intelligence.pdf
byAI n Dot Net
 
PDF
SAP ERP to SAP S_4HANA Cloud Private Edition Delta Scope
bychuck78
 
PDF
Build Modern Applications with Amazon Aurora DSQL- AWS User Group Bonn 2026
byVadym Kazulkin
 
PDF
Prompt Engineering vs Content Engineering vs RAG.pdf
byVineet Sharma
 
PDF
Lost Android Phone Recovery_ Steps That Work Fast.pdf
byIsabella Reed
 
PDF
Powering Spring AI with Model Context Protocol Integration
byJuarez Junior
 
PDF
The Ultimate Guide to Real Estate Tokenization Platforms
byDaniel Smith
 
PDF
openstack_operations_slides_version1.3_pp.pdf
byssuser47d511
 
PPTX
40m_wAIred_DigitalPlatformRabobank_10022026.pptx
bySimonedeGijt
 
PDF
On Demand Massage Therapist Booking App Development
byV3CUBE TECHNOLABS
 
PDF
Ready, Set, REST! Introducing MySQL's Built-In REST Service
byMiguel Araújo
 
PDF
eresource Xcel ERP for Maunfacturing - Best Manufacturing ERP for SME
byeresource Infotech Pvt.Ltd
 
PDF
Mastering Zero-Allocation Parsers: A Deep Dive into High-Performance C#
byVineet Sharma
 
PDF
Building Smarter AI: 16 RAG Approaches for Accuracy, Memory, and Reasoning Vi...
byVineet Sharma
 
PDF
Versnel innovatie met GitHub Enterprise - Rick Smit GitHub
byDelta-N
 
PDF
Clean Architecture with Vertical Slice Architecture in .NET 8
byVineet Sharma
 
Doctor On Call App Development for Digital Healthcare.
byV3CUBE TECHNOLABS
 
How CFD Simulations Support Sustainable Data Center Design Optimization
byWeb Synergies
 
‘Analyzing Application Logs Using AI’ Webinar
byTier1 app
 
A Comprehensive Guide To Buy Verified PayPal Accounts_.docx
bysmartusapva.com
 
Introduction to Modern Artificial Intelligence.pdf
byAI n Dot Net
 
SAP ERP to SAP S_4HANA Cloud Private Edition Delta Scope
bychuck78
 
Build Modern Applications with Amazon Aurora DSQL- AWS User Group Bonn 2026
byVadym Kazulkin
 
Prompt Engineering vs Content Engineering vs RAG.pdf
byVineet Sharma
 
Lost Android Phone Recovery_ Steps That Work Fast.pdf
byIsabella Reed
 
Powering Spring AI with Model Context Protocol Integration
byJuarez Junior
 
The Ultimate Guide to Real Estate Tokenization Platforms
byDaniel Smith
 
openstack_operations_slides_version1.3_pp.pdf
byssuser47d511
 
40m_wAIred_DigitalPlatformRabobank_10022026.pptx
bySimonedeGijt
 
On Demand Massage Therapist Booking App Development
byV3CUBE TECHNOLABS
 
Ready, Set, REST! Introducing MySQL's Built-In REST Service
byMiguel Araújo
 
eresource Xcel ERP for Maunfacturing - Best Manufacturing ERP for SME
byeresource Infotech Pvt.Ltd
 
Mastering Zero-Allocation Parsers: A Deep Dive into High-Performance C#
byVineet Sharma
 
Building Smarter AI: 16 RAG Approaches for Accuracy, Memory, and Reasoning Vi...
byVineet Sharma
 
Versnel innovatie met GitHub Enterprise - Rick Smit GitHub
byDelta-N
 
Clean Architecture with Vertical Slice Architecture in .NET 8
byVineet Sharma
 

Dynamic Azure Credentials for Applications and CI/CD Pipelines

  • 1.
    © 2019 HashiCorp DynamicAzure Credentials for Applications and CI/CD Pipelines SE Webinar - July 21st, 2020 Kawsar Kamal - Staff Solution Engineer (http://kawsark.gitlab.io) Brianna DeLuca - Sr. Field Marketing Manager
  • 2.
    Agenda ● Introductions (Brianna)- 5 ● Vault overview (Kawsar) - 10 ● Demo (Kawsar) - 20 ● Q/A (moderated by Brianna) - 15
  • 3.
    Objectives ● Business driver:move to cloud while maintaining high security posture.
  • 4.
    A generational transitionis underway Traditional datacenter “Static” Modern datacenter “Dynamic” Dedicated infrastructure Private cloud SYSTEMS OF RECORD SYSTEMS OF ENGAGEMENT Public multi-cloud +
  • 5.
    The HashiCorp Stack Acontrol plane for every layer of the cloud operating model Run Development Cloud Application Automation Connect Networking Cloud Networking Automation Secure Security Cloud Security Automation Provision Operations Cloud Infrastructure Automation vSphere Various Hardware Identity: AD/LDAP Terraform EKS / ECS Lambda CloudApp/ AppMesh Identity: AWS IAM Cloud Formation AKS / ACS Azure Functions Proprietary Identity: Azure AD Resource Manager GKE Cloud Functions Proprietary Identity: GCP IAM Cloud Deployment Manager
  • 6.
    Vault: Manage Secretsand Protect sensitive data *slide from HashiCorp corporate overview High Trust Long-lived IP, clear network perimeter. Low Trust No clear perimeter Mixed identities: Cloud, VMs, Container, Serverless Maintained by HashiCorp Written in Go Cloud agnostic Opensource community
  • 7.
    Vault Manage Secrets andProtect sensitive Data Secrets management to centrally store and protect secrets across clouds and applications Data encryption to keep application data secure across environments and workloads Advanced Data Protection to secure workloads and data across traditional systems, clouds, and infrastructure. 300+ Enterprise Customers 1M+ Monthly D/Ls 2T+ Transactions Trusted by:
  • 8.
  • 9.
    Azure plugins Dynamically generatesAzure service principals along with role and group assignments. Or new password will be dynamically generated for existing service principals. The azure auth method allows authentication against Vault using Azure credentials. Azure Auth Method Azure Secrets Engine
  • 10.
  • 11.
  • 12.
    Terraform Enterprise Demo: SecuringCI/CD Pipeline Version Control CI/CD Terraform IaC (*.tf) AKS Workspace
  • 13.
    Key benefits ● Azurecredentials are unique to each application instance - no password sharing. ● Cloud credentials have least privilege roles to limit blast radius. ● Cloud credentials are time bound so in case of a credential leak, the risk of it being valid is limited. ● Credentials can be audited to check which application instance retrieved a secret. ● Easy to revoke credentials if needed.
  • 14.
  • 15.
    Resources Demo repository https://gitlab.com/kawsark/vault-azure-demo AzureSecrets Engine https://www.vaultproject.io/docs/secrets/azure Blog post https://medium.com/hashicorp-engineering/onboarding-the-azure-secrets-engine-for-vault-f09d48c68b69?sour ce=friends_link&sk=59acf7d78362a48bf6cb039385776114 Azure Authentication Method https://www.vaultproject.io/docs/auth/azure Webinar Assets This will be emailed Vault 1.4 Blog post https://www.hashicorp.com/blog/vault-1-4/ Deploying Vault in Kubernetes https://www.vaultproject.io/docs/platform/k8s/helm/run Terraform for AKS https://github.com/terraform-providers/terraform-provider-azurerm/tree/master/examples/kubernetes Transform Secrets Engine wrapper https://github.com/kawsark/transform.py