Secure deployments keeping your application secrets private -duug fest

•Download as PPTX, PDF•

0 likes•319 views

This document discusses several approaches for securely managing secrets in deployments, including using a release orchestrator, ARM templates, accessing secrets directly from Key Vault, and accessing supported services directly. It recommends using a release orchestrator for existing situations, ARM templates to avoid duplicating secrets manually, and directly accessing Key Vault or supported services when possible to allow secrets to be automatically picked up on deployment and rolled more easily. Config builders are also presented as a way to handle secrets for local development and deployments.

Software

SECURE DEPLOYMENTS
KEEPING YOUR
SECRETS PRIVATE
Henry Been
"Locks" (CC BY-NC-ND 2.0) by wolf4max

WONDERING WHO
IS THAT GUY?
HENRY BEEN
Independent Devops & Azure Architect
E: consultancy@henrybeen.nl
T: @henry_been
L: linkedin.com/in/henrybeen
W: henrybeen.nl

THE NEED FOR SECRET MANAGEMENT
Develop Build Deploy Operate
Dev Ops
DevOps

Secret management goals
No team member needs
production access
Frequently
change secrets
Decouple authentication
from authorization
No secrets in
source control

1. Let operations deploys
2. Enter manually in the portal
3. Encrypted in source control
4. Use once, obscure https endpoint
HOW NOT TO..

Approach 1
USING RELEASE ORCHESTRATOR
VSTS
Secrets
Azure Web AppCode

USING RELEASE ORCHESTRATOR
• Secrets are pretty secure
• Easy to start with
• Fits existing situations
• You see and copy secrets
• Secrets visible in portal
• Duplication of secrets
• Cannot roll secrets easily
Pros Cons

Prerequisite: Have primary & secondary secrets
1. Change the secret in release orchestrator to secondary secret
2. Release
3. Roll primary secret
4. Change the secret in release orchestrator to primary secret
5. Release
6. Roll secondary secret
Intermezzo: Roll a secret

Approach 2
USING ARM TEMPLATES
Azure
Web App
Key Vault
VSTSCode & Infra

USING ARM TEMPLATES
• No manual copying or
sharing of secrets
• No more manual
duplication of Azure keys
• Secrets visible in portal
• Still cannot roll secrets
easily
Pros Cons

Approach 3
DIRECTLY FROM KEY VAULT
VSTS
Azure
Web App
Code & Infra
Key Vault

HOWTO: Local Development
1. Grant your developer account access to (another) Key Vault
• Best alternative
• Requires your machine to be in the same AD domain
2. Only use Key Vault in Azure (locally use Web.config)
• You have to write code to do this (though pretty straightforward)
3. Manually create a development identity and use that
• However… do not check secrets into source control

DIRECTLY ACCESS KEY VAULT
• No manual copying or
sharing of secrets
• No more duplication of
Azure keys
• Secrets no longer visible
in portal
• Changed secrets are
automatically picked up
• Only available on Azure
Web Apps, Azure
Functions and
DataFactory V2
Pros Cons

Approach 4
DIRECTLY ACCESS SERVICE
VSTS
Azure
Web App
Code & Infra
AAD
Other Service

DIRECTLY ACCESS SERVICE
• No more secrets • Only available on Azure
Web Apps, Azure Functions
and DataFactory V2
• Only on supported services
Pros Cons

Supported services
• Azure Resource Manager
• Azure Key Vault
• Azure Data Lake
• Azure SQL DB
• Azure Event Hubs
• Azure Service Bus
• Azure Storage
https://docs.microsoft.com/en-us/azure/active-directory/managed-service-identity/services-support-msi

SECRETS
FOR LOCAL
DEVELOPMENT
AND DEPLOYMENTS
USING CONFIG BUILDERS
Requires:
• (.NET Framework ≥ 4.7.1 &&.NET Framework
4.7.1 Development Tools) || ASP.NET Core 2.0

CONFIG BUILDERS
Runtime
AppSettings
App.config ConfigBuilders

Using .NET Framework
How I made it work…

Premade config builders
• EnvironmentConfigBuilder
• UserSecretsConfigBuilder
• AzureKeyVaultConfigBuilder
• KeyPerFileConfigBuilder
• SimpleJsonConfigBuilder
https://docs.microsoft.com/en-us/azure/active-directory/managed-service-identity/services-support-msi

Use your release orchestrator
Manual deployment NEVER EVER EVUHRR
When you deploy only code
Keyvault and ARM templates When you also deploy infra
Application identity / KeyVault When available & possible
Application identity / Oauth resource When available & possible
WHAT TO USE WHEN?
Config builders When available & possible

DO TRY THIS AT HOME!
HENRY BEEN
Independent Devops & Azure Architect
E: consultancy@henrybeen.nl
T: @henry_been
L: linkedin.com/in/henrybeen
W: henrybeen.nl

This document discusses different approaches for managing secrets securely in DevOps deployments. It presents four approaches: 1) using a release orchestrator which allows viewing secrets, 2) using ARM templates which prevents viewing secrets but they must be duplicated, 3) directly accessing key vault which prevents viewing and duplication of secrets but is only available on some Azure services, and 4) directly accessing other services which has the same benefits as 3 but is limited to supported services. The document recommends choosing an approach based on how code and infrastructure are deployed and what capabilities the services support. It also demonstrates config builders for managing secrets locally and in the cloud.

Henry Been - Secure development: keeping your application secrets private

Henry Been

Do you still store secrets in source control? Are your secrets safely stored, but are you struggling to distribute them to your applications? Do you feel this should be easy, but you can’t just find out how? In this session, Henry will take you on a journey that starts with passwords in source control. From there he will quickly take you along on a series of improvements to make both local development and production deployments more and more secure with every change. Along the way, you will learn how to use Azure Key Vault, Azure Active Directory (AAD) and App Service Managed Instance to get everyone on a need to know basis. Finally, you will see how forgetting about keys, certificates and passwords completely and just using AAD could solve all your problems. That is.., if everyone would just use AAD!

Implementing the Top 10 AWS Security Best Practices

Sebastian Taphanel CISSP-ISSEP

Web app development with Flask

Jasim Muhammed

Jasim Muhammed is a senior software engineer at Nuventure who works with technologies like Flask, SQLAlchemy, grunt, jQuery, Jenkins and Ansible. He offers to help prepare a development environment, build a sample Fortune Cookie app and Flaskr app using Flask Classy, and provides some production tips including using custom exceptions, test coverage, form validation, single page apps, and message queues. He provides his email and website for contact.

The moment my site got hacked

Marko Heijnen

Build Nodejs APIs using Serverless

Simona Cotin

Serverless lets you focus on coding and testing instead of provisioning infrastructure, configuring web servers, debugging your configuration, managing security settings, and all the drudgery normally associated with getting an app up and running. In this session with, you’ll discover how to migrate an API of an existing app to Azure Functions. You’ll learn how to use Visual Studio Code and the Azure Functions extension to speed up your work. After this session, you’ll join the ranks of serverless developers.

Ansible

Jasim Muhammed

Spring Boot with Quartz

David Kiss

This document outlines how to create a distributed Spring Boot application using Quartz for scheduling jobs. It discusses project structure, configuring Quartz properties, initializing Quartz tables with Liquibase, autowiring Quartz jobs in Spring Boot, different Quartz configuration options, a sample Quartz job class, and how to run the application. Source code for the demo application is available on GitHub.

Azure Functions make it easy to create and host webhook interfaces without maintaining a server. You can quickly setup an endpoint to receive data and act on it. Being able to ingest, process, and respond to data from a variety of sources without building out an infrastructure gives you time to focus on building functionality. In this presentation, Nick Zimmerman, Sr. Site Reliability Engineer at SparkPost, will show you how to setup an Azure Function, accept webhook data, process that data with C#, and integrate that data into an application in real time.

Get set.. Introduction to Windows Azure Development

Thomas Robbins

java in cloud - adopt cloud dev's DHARMA

Hochi Chuang

How to Hack (And Secure) Serverless Apps on Azure

Dean Bryen

This document provides an overview of security best practices for serverless applications on Azure Functions. It identifies common security issues such as vulnerable dependencies, lack of authentication, improper secrets management, and information leakage. It then provides recommendations to address each issue, such as using WAFs, running dependency scans, enforcing HTTPS, restricting identity permissions, storing secrets in Key Vault, and implementing proper exception handling.

Secrets as Code

Johann Gyger

You successfully managed to treat your infrastructure as code. And your application config is kept in version control as well. Wait! What did you do with your DB passwords and API tokens? Secrets need special treatment to fully automate your deployment pipeline. In this talk, I will show you how. Slide deck from my Jazoon TechDays presentation from 7 Sep 2019, recorded here: https://www.youtube.com/watch?v=Ip8eTPj3Jsk

Zero Credential Development with Managed Identities for Azure resources

Joonas Westlin

True story of re architecting website for scale on windows azure

Sergejus Barinovas

The document discusses how a Lithuanian startup re-architected their website on Windows Azure to address scaling issues as their traffic grew from 20,000 to potential spikes of 50 page views per second, including moving content to blob storage, splitting the database and hosting across multiple VMs, and leveraging other Azure services like caching. It describes the scaling issues encountered at various traffic levels and how the site was restructured on Azure with different computing, data, and networking services to allow for flexibility and scalability.

Firebase.pptx

siddhiiAgarwal

Firebase is a backend-as-a-service platform that allows developers to build apps faster without maintaining their own backend servers. It provides real-time database functionality, social login capabilities, and authentication services like user signup and login. Developers can integrate Firebase into their Android, iOS, and web apps with some basic configuration steps for each platform to start using its features and benefits like syncing data in real-time and providing a faster experience than traditional web services.

Firebase.pptx

TanviBudhabaware

Firebase is a backend-as-a-service platform that allows developers to build apps faster without needing their own backend server. It provides real-time data syncing across devices, a NoSQL database for faster access than traditional web services, and social network authentication with only a few lines of code. Integrating Firebase into a Flutter app requires some basic configuration for Android, iOS, and web platforms to set up Firebase services and features like authentication.

Jumpstarting Your Cloud Journey with OSS on Amazon Lightsail

Amazon Web Services

Interested in getting started in the cloud but unsure where to start? Already working in the cloud but feeling a bit overwhelmed? In this session we're going to take a look at how you can kickstart your cloud journey by leveraging open source blueprints on Amazon Lightsail. We will start with a quick overview of cloud computing and Amazon Lightsail, from there we'll look at how Lightsail supports a variety of open source applications and dev stacks. We'll deploy and scale a MEAN stack application and finish up showing how you can use custom blueprints to deploy whatever package you like. - a talk by Mike Coleman, Developer Advocate, Amazon Web Services, at the Open Source Summit North America, August 2018.

Using Cookies to Store Your Postman Secrets

Postman

The document discusses using cookies to securely store secrets and API keys in Postman. It describes storing encrypted values in cookies rather than environments to avoid exposing secrets. The code examples show how to get, set, and encrypt/decrypt values in cookies to use in Postman sessions and tests. Developers are advised to implement role-based access control, avoid sharing secrets publicly, and carefully manage what data is synced or exposed.

OWIN Why should i care?

Terence Kruger

OWIN decouples web applications from the servers that host them, allowing applications to be run on different servers and making development and hosting more modular. It defines a standard interface between web servers and web applications so that applications can be run on IIS, self-hosted, or other servers. OWIN applications are defined as functions that read requests and return responses without dependencies on IIS or ASP.NET.

Deploying and Scaling Your First Cloud Application with Amazon Lightsail

AWS Germany

Are you looking to move to the cloud, but aren’t sure quite where to start? Are you already using AWS, and are looking for ways to simplify some of your workflows? If you answered “yes” (or even “maybe”) to either one of those questions, this session / hands-on workshop is for you. We’re going to take you through using Amazon Lightsail, an AWS service that provides the quickest way to get started in the cloud, to deploy and scale an application on AWS.

Programming with Azure Active Directory

Joonas Westlin

DDD Melbourne 2014 security in ASP.Net Web API 2

Pratik Khasnabis

Active Authentication to Protect IT Assets - Onion ID

banerjeea

This document discusses the challenges of authenticating access to infrastructure and proposes active authentication as a solution. The status quo involves usernames/passwords, SSH keys, IP filters and VPNs. However, IT infrastructure has expanded to include cloud servers, mobile devices and containers. A variety of users now need access, including developers and third parties. This poses challenges like outsourcing, flexibility for multiple dev teams, and high velocity cloud changes. Threats include employee churn, compliance issues, and an expanded attack surface. Going forward, the document proposes active authentication that analyzes every command based on risk level, connection statistics, and takes actions like 2FA. This can help with concepts like least privilege and risk scoring while ensuring compliance. Continuous

Active authentication to protect IT assets

Plesk

This document discusses challenges with current IT infrastructure security and proposes active authentication as a solution. The status quo relies on usernames/passwords, SSH keys, IP filters and VPNs but faces challenges from IT outsourcing, inflexible systems unable to keep up with high velocity cloud changes, employee churn, and a changing attack surface. Going forward, the document recommends active authentication to analyze every command run and take actions like invisible two-factor authentication based on the risk of commands, in order to implement least privilege, continuously learn, and meet compliance standards through automated reporting and controls.

Heroku cloud platform

Hasan Khatib

Secure your Azure Web App 2019

Frans Lytzen

The document provides an overview of how to securely host a web app in Azure App Services. It discusses key concepts for preventing, detecting, and mitigating security threats from both external and internal actors. It then covers specific techniques for securing access, managing secrets, isolating networks, encrypting data, and detecting threats. The goal is to give the reader an overview of security best practices so they can choose the right approaches for their app and risk level.

Azure Low Lands 2019 - Building secure cloud applications with Azure Key Vault

Tom Kerkhove

Zero credential development with managed identities

Joonas Westlin

What's hot

Build a REST API for your Mobile Apps using Node.js

Stormpath

Webhooks with Azure Functions - Live 360 Conference

SparkPost

Get set.. Introduction to Windows Azure Development

Thomas Robbins

java in cloud - adopt cloud dev's DHARMA

Hochi Chuang

How to Hack (And Secure) Serverless Apps on Azure

Dean Bryen

Secrets as Code

Johann Gyger

Zero Credential Development with Managed Identities for Azure resources

Joonas Westlin

True story of re architecting website for scale on windows azure

Sergejus Barinovas

Firebase.pptx

siddhiiAgarwal

Firebase.pptx

TanviBudhabaware

Jumpstarting Your Cloud Journey with OSS on Amazon Lightsail

Amazon Web Services

Using Cookies to Store Your Postman Secrets

Postman

OWIN Why should i care?

Terence Kruger

Deploying and Scaling Your First Cloud Application with Amazon Lightsail

AWS Germany

Programming with Azure Active Directory

Joonas Westlin

DDD Melbourne 2014 security in ASP.Net Web API 2

Pratik Khasnabis

Active Authentication to Protect IT Assets - Onion ID

banerjeea

Active authentication to protect IT assets

Plesk

Heroku cloud platform

Hasan Khatib

What's hot (19)

Build a REST API for your Mobile Apps using Node.js

Webhooks with Azure Functions - Live 360 Conference

Get set.. Introduction to Windows Azure Development

java in cloud - adopt cloud dev's DHARMA

How to Hack (And Secure) Serverless Apps on Azure

Secrets as Code

Zero Credential Development with Managed Identities for Azure resources

True story of re architecting website for scale on windows azure

Firebase.pptx

Jumpstarting Your Cloud Journey with OSS on Amazon Lightsail

Using Cookies to Store Your Postman Secrets

OWIN Why should i care?

Deploying and Scaling Your First Cloud Application with Amazon Lightsail

Programming with Azure Active Directory

DDD Melbourne 2014 security in ASP.Net Web API 2

Active Authentication to Protect IT Assets - Onion ID

Active authentication to protect IT assets

Heroku cloud platform

Similar to Secure deployments keeping your application secrets private -duug fest

Secure your Azure Web App 2019

Frans Lytzen

Azure Low Lands 2019 - Building secure cloud applications with Azure Key Vault

Tom Kerkhove

Zero credential development with managed identities

Joonas Westlin

Secure your web app presentation

Frans Lytzen

So you have deployed your web app to Azure. Now, how do you make it more secure and compliant? In this fast-paced talk we will run through an overview of some of the Azure technologies that you can use to better protect your web applications in Azure - all depending on your required security level, of course. The talk will set out a framework for you to consider which protections you want to put in place and provide you with the awareness of the tools at your disposal. https://www.lytzen.name/talks/Securing_web_apps_in_azure.html

PuppetConf 2017: Securing Secrets for Puppet, Without Interrupting Flow- Ryan...

Puppet

The document discusses securing secrets for Puppet infrastructure without slowing down automation. It acknowledges that many organizations manually copy secrets or store them insecurely due to time pressures. However, exploits are increasingly targeting insecure secrets. The document proposes using the open source CyberArk Conjur tool to authenticate and authorize machine identities to retrieve secrets in a secure workflow. It provides an example of updating Puppet manifests to use Conjur for dynamic secrets retrieval without overhauling existing code. Overall, the document advocates aligning security and velocity through identity-based secrets management to reduce risks and costs from security incidents.

Passwordless Development using Azure Identity

Sarah Dutkiewicz

Secure Your Code Implement DevSecOps in Azure

kloia

Intelligent Cloud Conference 2018 - Building secure cloud applications with A...

Tom Kerkhove

Zero Credential Development with Managed Identities

Joonas Westlin

Keys are always needed to access services in Azure and beyond. Storing and managing keys presents many problems, for example rotating and disabling them. Keys often also allow blanket access to the service with no way to limit it. Sometimes there is only one key that needs to be shared by services, so you won't have any way to disable access from one individually. In this talk we will go through Managed Identities for Azure Resources, how they work, and how you can use them to use Azure services in a secure way without having to manage any keys yourself. We will go through a demo application which uses various Azure services through a managed identity, removing the need to use keys entirely. The source code will be available to the audience so they have samples that they can use to implement managed identities in their own applications.

Techdays Finland 2018 - Building secure cloud applications with Azure Key Vault

Tom Kerkhove

Securing Sensitive Data with Azure Key Vault (Tom Kerkhove @ ITProceed)

Codit

ITProceed 2015 - Securing Sensitive Data with Azure Key Vault

Tom Kerkhove

Security has become more and more important as we move to the cloud and countries & companies are being hacked – remember the Sony hack? But how do we securely store sensitive data such as connection strings to our databases? Where do we store our encryption keys? Can I share them with my customers? How do I prevent abuse of my secrets and block them from doing so? That’s what this session is all about – I will introduce you to the concepts of Microsoft Azure Key Vault where you can use this as it allows you to securely store keys, credentials and other secrets in the cloud. We will also have a look at how it enables us to store encryption keys for SQL Server TDE and how it can help you safeguard your cloud solutions even more.

Vincent biret azure functions and flow (ottawa)

Vincent Biret

This document outlines Vincent Biret's presentation on Azure Functions and Microsoft Flow. The presentation includes demos of using Flow to automate workflows across various services and using Functions to run pieces of code in the cloud. It also discusses pricing plans for Flow, supported languages for Functions, and best practices for integrating Flow and Functions. The presentation agenda covers introductions to Flow and Functions, demos of each, and a conclusion about how these tools can provide reliable development, save time and money, and empower users.

Vincent biret azure functions and flow (toronto)

Vincent Biret

This document outlines Vincent Biret's presentation on Azure Functions and Microsoft Flow. The presentation includes demos of using Flow to automate workflows across various services and using Functions to run pieces of code in the cloud. The agenda covers introductions to Flow and Functions, demos of each, best practices for using them together, and a conclusion on how they can provide reliable development, save time and money, and empower users.

SPS calgary 2017 introduction to azure functions microsoft flow

Vincent Biret

Migrare Applicazioni Web su Azure

Marco Parenzan

You have some on-premise application. Perheaps you have Wordpress/PHP or Node.js/Javascript, you like them, but you don't want to handle, some ops issues, like managing FastCGI (for PHP) or Node service. Why don't you publish them on Azure? Web Sites already support PHP and Node. And you can store MySql DB on ClearDb as DBaaS. And then you can scale out your app bringing your session out the server with Redis. And, again, you can do some worker jobs with Azure Web Jobs. And undestand how can you use Kudu features to debug and work better with websites.

AZ-204 : Implement Azure security

AzureEzy1

Speakers: 1. Sanjib Panigrahi, https://www.linkedin.com/in/sanjibpanigrahi/ 2. Vpin Jha, https://www.linkedin.com/in/vipinkumarjha/ Topics Covered: 1. AZ-204 Exam benefit and Certification Roadmap. 2. Implement user authentication and authorization 3. Implement secure cloud solutions Complete AZ-204 Training Playlist https://youtube.com/playlist?list=PLBUNlq0o5irSs3XR3nanSVWCbreCvWKG_ Slide deck : https://azureezy.com/az-204-training/ AzureTalk community references: 1. AzureTalk Telegram Group: https://t.me/azuretalk 2. Azure DevOps Telegram Group: https://t.me/azuredevopspro 3. AzureEzy Website: https://azureezy.com Azure Reference Links Azure Reference Links 1. Popular Microsoft Azure training: https://docs.microsoft.com/en-us/learn/?WT.mc_id=sitertzn_homepage_learn-redirect-handsonlabs 2. Azure Docs: https://docs.microsoft.com/en-us/azure/

Azure Ninja Tips and Tricks

Todd Whitehead

Zure Azure PaaS Zero to Hero - DevOps training day

Okko Oulasvirta

This document provides an overview of Azure DevOps and related Azure services for continuous integration, delivery, and monitoring. It discusses DevOps practices including source control with Azure Repos, work tracking with Azure Boards, continuous integration and deployment pipelines with Azure Pipelines, infrastructure as code with ARM templates, and application monitoring with Application Insights. It also covers security practices like role-based access control and use of Azure Key Vault for secrets management. Live demos are provided for many of the Azure DevOps features and services discussed.

Shifting security left simplifying security for k8s open shift environments

LibbySchulze

This document discusses securing secrets in Kubernetes. It describes how attackers were able to hijack cloud resources by accessing unprotected credentials stored in a Kubernetes console. It then provides recommendations for securely managing secrets, including using Conjur to establish identity for applications and enforce authorization. It outlines best practices like regularly rotating secrets and removing hard-coded credentials. The document also describes how Conjur can integrate with Kubernetes to verify application identities and issue credentials without exposing secrets.

Similar to Secure deployments keeping your application secrets private -duug fest (20)

Secure your Azure Web App 2019

Azure Low Lands 2019 - Building secure cloud applications with Azure Key Vault

Zero credential development with managed identities

Secure your web app presentation

PuppetConf 2017: Securing Secrets for Puppet, Without Interrupting Flow- Ryan...

Passwordless Development using Azure Identity

Secure Your Code Implement DevSecOps in Azure

Intelligent Cloud Conference 2018 - Building secure cloud applications with A...

Zero Credential Development with Managed Identities

Techdays Finland 2018 - Building secure cloud applications with Azure Key Vault

Securing Sensitive Data with Azure Key Vault (Tom Kerkhove @ ITProceed)

ITProceed 2015 - Securing Sensitive Data with Azure Key Vault

Vincent biret azure functions and flow (ottawa)

Vincent biret azure functions and flow (toronto)

SPS calgary 2017 introduction to azure functions microsoft flow

Migrare Applicazioni Web su Azure

AZ-204 : Implement Azure security

Azure Ninja Tips and Tricks

Zure Azure PaaS Zero to Hero - DevOps training day

Shifting security left simplifying security for k8s open shift environments

More from Henry Been

Henry been azure resource manager - inside out

Henry Been

This document discusses infrastructure as code using Azure Resource Manager templates. It begins with an example of JSON code that defines a storage account resource. It then covers key aspects of ARM templates like their structure with parameters, variables, resources, and outputs. It also discusses functions that can be used in templates and different ways of deploying templates including via the Azure CLI, PowerShell, or pipelines.

Dot netsaterday henry been - logging instrumentation dashboards alerts

Henry Been

Cloud brew henry been - logging instrumentation dashboards alerts

Henry Been

Serverless computing henry been - logging instrumentation dashboards alerts

Henry Been

Serverless computing henry been - continuous deployment of azure functions

Henry Been

Logging, Instrumentation, Dashboards and Alerts - for developers

Henry Been

Cloud brew cloudcamp

Henry Been

Writing, build and releasing your own vsts extension

Henry Been

Continuous delivery for the it pro

Henry Been

Focus on business value by going Serverless

Henry Been

Henry been database-per-tenant with 50k databases

Henry Been

To create an application that is truly designed for massive scale, scale-out at every level of the solution is needed. While doing so at the services level, many developers are still using a single database to serve every request. In response to this, a new pattern, database-per-tenant, is emerging. In this pattern, all data is distributed over a large number of databases. In this session Henry will explore this pattern in detail, covering its advantages and disadvantages and a number of common scenarios around such an architecture.

Henry been - Multi-tenant applications using 30k databases

Henry Been

More from Henry Been (12)

Henry been azure resource manager - inside out

Dot netsaterday henry been - logging instrumentation dashboards alerts

Cloud brew henry been - logging instrumentation dashboards alerts

Serverless computing henry been - logging instrumentation dashboards alerts

Serverless computing henry been - continuous deployment of azure functions

Logging, Instrumentation, Dashboards and Alerts - for developers

Cloud brew cloudcamp

Writing, build and releasing your own vsts extension

Continuous delivery for the it pro

Focus on business value by going Serverless

Henry been database-per-tenant with 50k databases

Henry been - Multi-tenant applications using 30k databases

Recently uploaded

原版定制美国纽约州立大学奥尔巴尼分校毕业证学位证书原版一模一样

mz5nrf0n

原版一模一样【微信：741003700 】【美国纽约州立大学奥尔巴尼分校毕业证学位证书】【微信：741003700 】学位证，留信认证（真实可查，永久存档）offer、雅思、外壳等材料/诚信可靠,可直接看成品样本，帮您解决无法毕业带来的各种难题！外壳，原版制作，诚信可靠，可直接看成品样本。行业标杆！精益求精，诚心合作，真诚制作！多年品质 ,按需精细制作，24小时接单,全套进口原装设备。十五年致力于帮助留学生解决难题，包您满意。本公司拥有海外各大学样板无数，能完美还原海外各大学 Bachelor Diploma degree, Master Degree Diploma 1:1完美还原海外各大学毕业材料上的工艺：水印，阴影底纹，钢印LOGO烫金烫银，LOGO烫金烫银复合重叠。文字图案浮雕、激光镭射、紫外荧光、温感、复印防伪等防伪工艺。材料咨询办理、认证咨询办理请加学历顾问Q/微741003700 留信网认证的作用: 1:该专业认证可证明留学生真实身份 2:同时对留学生所学专业登记给予评定 3:国家专业人才认证中心颁发入库证书 4:这个认证书并且可以归档倒地方 5:凡事获得留信网入网的信息将会逐步更新到个人身份内，将在公安局网内查询个人身份证信息后，同步读取人才网入库信息 6:个人职称评审加20分 7:个人信誉贷款加10分 8:在国家人才网主办的国家网络招聘大会中纳入资料，供国家高端企业选择人才

Atelier - Innover avec l’IA Générative et les graphes de connaissances

Neo4j

Atelier - Innover avec l’IA Générative et les graphes de connaissances Allez au-delà du battage médiatique autour de l’IA et découvrez des techniques pratiques pour utiliser l’IA de manière responsable à travers les données de votre organisation. Explorez comment utiliser les graphes de connaissances pour augmenter la précision, la transparence et la capacité d’explication dans les systèmes d’IA générative. Vous partirez avec une expérience pratique combinant les relations entre les données et les LLM pour apporter du contexte spécifique à votre domaine et améliorer votre raisonnement. Amenez votre ordinateur portable et nous vous guiderons sur la mise en place de votre propre pile d’IA générative, en vous fournissant des exemples pratiques et codés pour démarrer en quelques minutes.

A Study of Variable-Role-based Feature Enrichment in Neural Models of Code

Aftab Hussain

Understanding variable roles in code has been found to be helpful by students in learning programming -- could variable roles help deep neural models in performing coding tasks? We do an exploratory study. - These are slides of the talk given at InteNSE'23: The 1st International Workshop on Interpretability and Robustness in Neural Software Engineering, co-located with the 45th International Conference on Software Engineering, ICSE 2023, Melbourne Australia

WWDC 2024 Keynote Review: For CocoaCoders Austin

Patrick Weigel

Neo4j - Product Vision and Knowledge Graphs - GraphSummit Paris

Neo4j

Using Xen Hypervisor for Functional Safety

Ayan Halder

Energy consumption of Database Management - Florina Jonuzi

Green Software Development

Unveiling the Advantages of Agile Software Development.pdf

brainerhub1

LORRAINE ANDREI_LEQUIGAN_HOW TO USE ZOOM

lorraineandreiamcidl

Odoo ERP Vs. Traditional ERP Systems – A Comparative Analysis

Envertis Software Solutions

When it is all about ERP solutions, companies typically meet their needs with common ERP solutions like SAP, Oracle, and Microsoft Dynamics. These big players have demonstrated that ERP systems can be either simple or highly comprehensive. This remains true today, but there are new factors to consider, including a promising new contender in the market that’s Odoo. This blog compares Odoo ERP with traditional ERP systems and explains why many companies now see Odoo ERP as the best choice. What are ERP Systems? An ERP, or Enterprise Resource Planning, system provides your company with valuable information to help you make better decisions and boost your ROI. You should choose an ERP system based on your company’s specific needs. For instance, if you run a manufacturing or retail business, you will need an ERP system that efficiently manages inventory. A consulting firm, on the other hand, would benefit from an ERP system that enhances daily operations. Similarly, eCommerce stores would select an ERP system tailored to their needs. Because different businesses have different requirements, ERP system functionalities can vary. Among the various ERP systems available, Odoo ERP is considered one of the best in the ERp market with more than 12 million global users today. Odoo is an open-source ERP system initially designed for small to medium-sized businesses but now suitable for a wide range of companies. Odoo offers a scalable and configurable point-of-sale management solution and allows you to create customised modules for specific industries. Odoo is gaining more popularity because it is built in a way that allows easy customisation, has a user-friendly interface, and is affordable. Here, you will cover the main differences and get to know why Odoo is gaining attention despite the many other ERP systems available in the market.

Artificia Intellicence and XPath Extension Functions

Octavian Nadolu

ALGIT - Assembly Line for Green IT - Numbers, Data, Facts

Green Software Development

Top Benefits of Using Salesforce Healthcare CRM for Patient Management.pdf

VALiNTRY360

Salesforce Healthcare CRM, implemented by VALiNTRY360, revolutionizes patient management by enhancing patient engagement, streamlining administrative processes, and improving care coordination. Its advanced analytics, robust security, and seamless integration with telehealth services ensure that healthcare providers can deliver personalized, efficient, and secure patient care. By automating routine tasks and providing actionable insights, Salesforce Healthcare CRM enables healthcare providers to focus on delivering high-quality care, leading to better patient outcomes and higher satisfaction. VALiNTRY360's expertise ensures a tailored solution that meets the unique needs of any healthcare practice, from small clinics to large hospital systems. For more info visit us https://valintry360.com/solutions/health-life-sciences

Vitthal Shirke Java Microservices Resume.pdf

Vitthal Shirke

Oracle 23c New Features For DBAs and Developers.pptx

Remote DBA Services

openEuler Case Study - The Journey to Supply Chain Security

Shane Coughlan

Microservice Teams - How the cloud changes the way we work

Sven Peters

A lot of technical challenges and complexity come with building a cloud-native and distributed architecture. The way we develop backend software has fundamentally changed in the last ten years. Managing a microservices architecture demands a lot of us to ensure observability and operational resiliency. But did you also change the way you run your development teams? Sven will talk about Atlassian’s journey from a monolith to a multi-tenanted architecture and how it affected the way the engineering teams work. You will learn how we shifted to service ownership, moved to more autonomous teams (and its challenges), and established platform and enablement teams.

Webinar On-Demand: Using Flutter for Embedded

ICS

Flutter is a popular open source, cross-platform framework developed by Google. In this webinar we'll explore Flutter and its architecture, delve into the Flutter Embedder and Flutter’s Dart language, discover how to leverage Flutter for embedded device development, learn about Automotive Grade Linux (AGL) and its consortium and understand the rationale behind AGL's choice of Flutter for next-gen IVI systems. Don’t miss this opportunity to discover whether Flutter is right for your project.

Requirement Traceability in Xen Functional Safety

Ayan Halder

How to write a program in any programming language

Rakesh Kumar R

Recently uploaded (20)

原版定制美国纽约州立大学奥尔巴尼分校毕业证学位证书原版一模一样

Atelier - Innover avec l’IA Générative et les graphes de connaissances

A Study of Variable-Role-based Feature Enrichment in Neural Models of Code

WWDC 2024 Keynote Review: For CocoaCoders Austin

Neo4j - Product Vision and Knowledge Graphs - GraphSummit Paris

Using Xen Hypervisor for Functional Safety

Energy consumption of Database Management - Florina Jonuzi

Unveiling the Advantages of Agile Software Development.pdf

LORRAINE ANDREI_LEQUIGAN_HOW TO USE ZOOM

Odoo ERP Vs. Traditional ERP Systems – A Comparative Analysis

Artificia Intellicence and XPath Extension Functions

ALGIT - Assembly Line for Green IT - Numbers, Data, Facts

Top Benefits of Using Salesforce Healthcare CRM for Patient Management.pdf

Vitthal Shirke Java Microservices Resume.pdf

Oracle 23c New Features For DBAs and Developers.pptx

openEuler Case Study - The Journey to Supply Chain Security

Microservice Teams - How the cloud changes the way we work

Webinar On-Demand: Using Flutter for Embedded

Requirement Traceability in Xen Functional Safety

How to write a program in any programming language

Secure deployments keeping your application secrets private -duug fest

1. SECURE DEPLOYMENTS KEEPING YOUR SECRETS PRIVATE Henry Been "Locks" (CC BY-NC-ND 2.0) by wolf4max

2. WONDERING WHO IS THAT GUY? HENRY BEEN Independent Devops & Azure Architect E: consultancy@henrybeen.nl T: @henry_been L: linkedin.com/in/henrybeen W: henrybeen.nl

3. So… WHO DOES DEVOPS?

4. THE NEED FOR SECRET MANAGEMENT Develop Build Deploy Operate Dev Ops DevOps

5. Secret management goals No team member needs production access Frequently change secrets Decouple authentication from authorization No secrets in source control

6. HOW NOT TO DO SECRET MANAGEMENT

7. 1. Let operations deploys 2. Enter manually in the portal 3. Encrypted in source control 4. Use once, obscure https endpoint HOW NOT TO..

8. So… HOW THEN?

10. Approach 1 USING RELEASE ORCHESTRATOR VSTS Secrets Azure Web AppCode

11. DEMO TIME! USING RELEASE ORCHESTRATOR

12. USING RELEASE ORCHESTRATOR • Secrets are pretty secure • Easy to start with • Fits existing situations • You see and copy secrets • Secrets visible in portal • Duplication of secrets • Cannot roll secrets easily Pros Cons

13. Prerequisite: Have primary & secondary secrets 1. Change the secret in release orchestrator to secondary secret 2. Release 3. Roll primary secret 4. Change the secret in release orchestrator to primary secret 5. Release 6. Roll secondary secret Intermezzo: Roll a secret

14. Approach 2 USING ARM TEMPLATES Azure Web App Key Vault VSTSCode & Infra

15. DEMO TIME! USING ARM TEMPLATES

16. USING ARM TEMPLATES • No manual copying or sharing of secrets • No more manual duplication of Azure keys • Secrets visible in portal • Still cannot roll secrets easily Pros Cons

17. Approach 3 DIRECTLY FROM KEY VAULT VSTS Azure Web App Code & Infra Key Vault

18. HOWTO: Local Development 1. Grant your developer account access to (another) Key Vault • Best alternative • Requires your machine to be in the same AD domain 2. Only use Key Vault in Azure (locally use Web.config) • You have to write code to do this (though pretty straightforward) 3. Manually create a development identity and use that • However… do not check secrets into source control

19. DEMO TIME! DIRECTLY ACCESS KEY VAULT

20. DIRECTLY ACCESS KEY VAULT • No manual copying or sharing of secrets • No more duplication of Azure keys • Secrets no longer visible in portal • Changed secrets are automatically picked up • Only available on Azure Web Apps, Azure Functions and DataFactory V2 Pros Cons

21. Approach 4 DIRECTLY ACCESS SERVICE VSTS Azure Web App Code & Infra AAD Other Service

22. DEMO TIME! DIRECTLY ACCESS SERVICE

23. DIRECTLY ACCESS SERVICE • No more secrets • Only available on Azure Web Apps, Azure Functions and DataFactory V2 • Only on supported services Pros Cons

24. Supported services • Azure Resource Manager • Azure Key Vault • Azure Data Lake • Azure SQL DB • Azure Event Hubs • Azure Service Bus • Azure Storage https://docs.microsoft.com/en-us/azure/active-directory/managed-service-identity/services-support-msi

25. SECRETS FOR LOCAL DEVELOPMENT AND DEPLOYMENTS USING CONFIG BUILDERS Requires: • (.NET Framework ≥ 4.7.1 &&.NET Framework 4.7.1 Development Tools) || ASP.NET Core 2.0

26. CONFIG BUILDERS Runtime AppSettings App.config ConfigBuilders

27. Using .NET Framework How I made it work…

28. What should work…

29. Using .NET Framework Local development…

30. Premade config builders • EnvironmentConfigBuilder • UserSecretsConfigBuilder • AzureKeyVaultConfigBuilder • KeyPerFileConfigBuilder • SimpleJsonConfigBuilder https://docs.microsoft.com/en-us/azure/active-directory/managed-service-identity/services-support-msi

31. Using .NET Core

32. Use your release orchestrator Manual deployment NEVER EVER EVUHRR When you deploy only code Keyvault and ARM templates When you also deploy infra Application identity / KeyVault When available & possible Application identity / Oauth resource When available & possible WHAT TO USE WHEN? Config builders When available & possible

33. DO TRY THIS AT HOME! HENRY BEEN Independent Devops & Azure Architect E: consultancy@henrybeen.nl T: @henry_been L: linkedin.com/in/henrybeen W: henrybeen.nl

Editor's Notes

"Locks" (CC BY-NC-ND 2.0) by wolf4max

Secure deployments keeping your application secrets private -duug fest

Recommended

Recommended

More Related Content

What's hot

What's hot (19)

Similar to Secure deployments keeping your application secrets private -duug fest

Similar to Secure deployments keeping your application secrets private -duug fest (20)

More from Henry Been

More from Henry Been (12)

Recently uploaded

Recently uploaded (20)

Secure deployments keeping your application secrets private -duug fest

Editor's Notes