Tag

keyvault

Azure, C#

Migrating to the new C# Azure KeyVault SDK Libraries

You may be familiar with the Microsoft.Azure.KeyVault SDK. This SDK is being retired in favor of 3 new SDKs: Azure.Security.KeyVault.Keys, Azure.Security.KeyVault.Secrets and Azure.Security.KeyVault.Certificates. As you can see, the Microsoft Azure SDK team split the KeyVault functionality into 3 distinct SDKs. All those SDKs are unified with the Azure.Identity SDK to manage authentication. Let’s deep dive a little bit into those SDKs. I wanted to brush up on those, as usually what people do, when they have the KeyVault set up in their application, they tend to forget about it. If you want to migrate to the new SDKs (or you’re looking to consume the KeyVault through code), this post can be of interest to you.

Azure.Identity SDK

The Azure Identity library is…

Azure

Live notifications from an Azure Keyvault to your Slack

In a world where monitoring is key for sensitive information, or even for alerts that can put your system down (such as an expired certificate), it is necessary sometimes to be alerted “right away”. Azure Alerts are great, but they have a delay, as the data needs to get ingested into your analytics and then needs to run with the alert frequency you have set for you to be aware that something is going on. In this post I will show a way where you can be alerted somewhat instantly. We will consume 2 types of event data from a keyvault, that is the diagnostics AuditEvent and the events that Azure provides us out of the box. Once consumed, we…

Azure, C#

Loading a X509 certificate from Azure KeyVault into a .NET Core application

In a context where we are now using APIs a lot more than we used to, it becomes important to secure them. One way we can secure them is using the OAuth/OpenID protocol, which relies on JSON Web Tokens (JWTs). A JWT needs to be generated and digitally signed by the authority (what we call a Security Token Service (STS)) your APIs trust. They require signed JWTs to prevent attackers from altering or counterfeiting such tokens in an attempt to gain unauthorized access to the resources secured by the APIs. A good open source implementation of such an authority is IdentityServer4, which also gives you a lot more features than just being an STS. In development mode, IdentityServer4 provides you with…
