Managing Secrets in modern application development

Managing Secrets in modern application development

M4

.Net, Architecting on Azure, Developer, Development and Test, Level: 300, Security, Sessioner2018

Managing Secrets in modern application development requires more effort than storing clear text password, connection strings and api keys in your configuration files. It requires storing secrets in secure location outside of source control and managing the set of secrets per different environments that the application runs in. We are going to look at handling secrets in .net code and managing them throughout your CI/CD pipeline. We will touch upon different Azure technologies such as Azure Key Vault, ARM Templates, Managed Identities, VSTS and .NET Core, however the principal approach shown is technology agnostic.