How to securely store and load secrets using Azure Key Vault in .NET Core (using a certificate)


Hello everybody, I'm Nick, and in this .NET tutorial I will show you how you can properly use Azure Key Vault in order to store and load secrets in your .NET Core application. There are many ways to get security wrong and only a few to get it right, and this is one of the few. I will be using the certificate approach, which is the most recommended one because it's the most secure.

Don't forget to comment, like and subscribe :)


#dotnet #keyvault #security
Comments

I think this is one of the best videos so far on Key Vault. Really appreciate your efforts.
So basically we can connect to Key Vault using the techniques below:
1. Using Managed Identity (System Designed).
2. Using Client Id & Client Secret.
3. Using Client Id & Certificates.
All of these need an App Registration to grant access to Key Vault.

hemantjain

Even in 2023 it's still useful! I just integrated a keyvault for the first time a-z myself. I used azure app configuration which has some keys mapped to key vault. So when I pull the configuration I'm getting both plain values and secret values in one shot. Thanks, Nick!

AlexanderBelikov

Great video! I think people using Azure all the way might find it easier with 2 changes:

1) Use Managed Identity for Auth (skip certificate setup + increase security by making it easier to manage later without deploying new code)

2) Use Azure App Configuration (and load secrets into Azure App Configuration using KeyVault, to get the additional audit for who accesses those keys specifically) to control config naming limitations in KeyVault in cloud

With the above you will at least get a much simpler composition root - and more cloud control (remember to manage who has access to that).

I'm still missing the auto secret rotation feature which AWS has (that's really cool), but I guess there is a way to do that with some Azure Automation (just a shame it's not an out of the box feature like in AWS)

nickniebling

I have been looking for a solution for using secret keys for almost 2 days. This is the only solution that I found workable. Thank you very much...

sunnygb

Best key vault tutorial/explanation out there by far! Great job 👏

marcelomatg

I can't believe that a tutorial like this is free. Fantastic job Nick! Thank you so much.

agustinustheoo

Great tutorial! Maybe use the CN instead of the Thumbprint, so if the Certificate expires you can load a new one without the need to redeploy the application!

nagybarnabas

How about adding keys as Azure App Service configuration that will later be exposed to the app as env variables? What's the downside of this?

Great content keep it up!

nullentrophy

Great video! Nick, please add to the videos the corresponding Microsoft Documentation link.
Also I hope to see soon a video on how to get the most of Azure Application Insights!!
I loved your ASP.NET Core REST API tutorial, learned a lot. Thank you!

facundo

Hi Nick. Great video!
I managed in the end to make it work both locally and in the cloud. Thanks!
One question though.
You said this method is the most secure we could use in Production. What about using a system-assigned managed identity?
And regarding Development, what is the preferred way?
1. to connect via a service principal and use the certificate locally (I believe it would be difficult, as the certificate has to be shared across devs)
2. to be given access to the app service (and probably other clients like key vault) and use the DefaultAzureCredential, to let Azure detect the signed-in user

I'm really interested in this topic and I hope others are too, so we get a reply from you!
Thanks again!

andreibicu
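The pieces discussed on this page fit together in one Program.cs: the certificate approach from the video's description, the suggestion in the comments to look the certificate up by its CN rather than its thumbprint so a renewed certificate is picked up without a redeploy, and the question about what to use locally in Development versus Production. The following is an added example written for this page, not Nick's code from the video or any Microsoft sample. It assumes a .NET 6+ minimal host, the NuGet packages Azure.Identity and Azure.Extensions.AspNetCore.Configuration.Secrets, and that the vault URI, tenant id, client id and certificate subject are supplied as ordinary (non-secret) configuration values under an assumed `KeyVault:` section; the secret name `Database--ConnectionString` is also an assumption.

```csharp
// Added example (not code from the video). Assumed packages: Azure.Identity,
// Azure.Extensions.AspNetCore.Configuration.Secrets. All KeyVault:* values are assumed
// non-secret settings (appsettings.json or environment variables), not real identifiers.
using System;
using System.Linq;
using System.Security.Cryptography.X509Certificates;
using Azure.Core;
using Azure.Extensions.AspNetCore.Configuration.Secrets;
using Azure.Identity;
using Microsoft.AspNetCore.Builder;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.Hosting;

var builder = WebApplication.CreateBuilder(args);

var vaultUri = new Uri(builder.Configuration["KeyVault:VaultUri"]!);          // e.g. https://<your-vault>.vault.azure.net/
var tenantId = builder.Configuration["KeyVault:TenantId"]!;
var clientId = builder.Configuration["KeyVault:ClientId"]!;                  // the app registration (service principal)
var certSubject = builder.Configuration["KeyVault:CertificateSubject"]!;     // CN of the client certificate

TokenCredential credential = builder.Environment.IsDevelopment()
    // Locally there is no certificate to share between developers: the signed-in
    // developer (Azure CLI, Visual Studio, environment variables, ...) is used instead.
    ? new DefaultAzureCredential()
    // In Production the app registration authenticates with its client certificate.
    : new ClientCertificateCredential(tenantId, clientId, LoadNewestValidCertificate(certSubject));

builder.Configuration.AddAzureKeyVault(vaultUri, credential, new AzureKeyVaultConfigurationOptions
{
    // Poll the vault so rotated secrets are picked up without restarting the app.
    ReloadInterval = TimeSpan.FromMinutes(5)
});

var app = builder.Build();

// A vault secret named "Database--ConnectionString" is exposed as
// "Database:ConnectionString": the default KeyVaultSecretManager maps "--" to ":".
app.MapGet("/", (IConfiguration config) =>
    config["Database:ConnectionString"] is null ? "secret not loaded" : "secret loaded");

app.Run();

// Look the certificate up by subject rather than by thumbprint: after a renewal the newest
// valid certificate with a private key is chosen without changing configuration.
static X509Certificate2 LoadNewestValidCertificate(string subjectName)
{
    using var store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
    store.Open(OpenFlags.ReadOnly);

    var now = DateTime.Now;
    // FindBySubjectName is a substring match on the subject, so the filter below matters.
    var cert = store.Certificates
        .Find(X509FindType.FindBySubjectName, subjectName, validOnly: false)
        .Cast<X509Certificate2>()
        .Where(c => c.HasPrivateKey && c.NotBefore <= now && c.NotAfter > now)
        .OrderByDescending(c => c.NotAfter)
        .FirstOrDefault();

    return cert ?? throw new InvalidOperationException(
        $"No valid certificate with a private key found for subject '{subjectName}'.");
}
```

The app registration still needs a Key Vault access policy or RBAC role that allows reading secrets, and the certificate's public part must be uploaded to that registration; the private key stays in the machine's certificate store and never enters source control or configuration files. On Azure App Service the store lookup works once the certificate is loaded into the app's CurrentUser\My store (the WEBSITE_LOAD_CERTIFICATES setting controls that).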

THIS VIDEO IS ABSOLUTE GOLD.

Thanks Nick

juanpa_g

Awesome video but, given that it's deprecated, how do you configure it in the Program.cs file in Core 6.0 since the Startup file is no longer a thing?

rb

Hi, thank you so much for the detailed explanation. My project is in .NET MVC 4.6.2. Do you have any video that explains the same concept for .NET MVC?

dileepc

Nice explanation, can you confirm if I can use the same way to secure an Azure Function HTTP trigger? I want to access this function from a specific application.

AbdulKhalilQureshi

Thanks Nick for the wonderful tutorial -
What certificate should a team purchase when the application goes to Prod (since a self-signed certificate is recommended for the Development Environment)?

Thanks

vvijayar

Thanks Nick for sharing your knowledge. Keep up the good work.

FocusAmbientMusic

Hello there!
Can I ask some questions?
1) Should we use (I mean by your opinion and recommendation) Azure Key Vault to store DB creds etc.?
2) Did you hear about "git secret"? What do you think about that way?
3) As I understood, a certificate is strongly recommended, but not necessary? Am I right? Can we configure the certificate in appSettings.json? I remember something like that in .NET Framework and web.config times.

denis-suleimanov

Hi, I love all your videos. Thanks a lot for sharing your knowledge.
Can you suggest how to reload when the values are updated in AKV?

sdbhattacharya

I'm just a beginner with regards to understanding HTTPS, certificates and storing secrets in .NET. In Azure Portal, when I created the key vault, under /certificates I see that you can just generate one. Is it stupid to do that, download it and then upload it for the app registration?

iliyan-kulishev

Could you give a diagrammatic/high-level idea of what exactly you are doing?

kartikraiify