Justin BrodleyJul 20
312: Azure Firewall Finally Learns to Spell (FQDN Edition) "This was not the secret you were looking for..." – Azure, after leaking your KeyVault like a broken Death Star exhaust port. Trust in the cloud, you must. But audit your logs, you should. #thecloudpod #KeyVault #episode312 https://www.thecloudpod.net/?p=21154
The Cloud PodJul 20
312: Azure Firewall Finally Learns to Spell (FQDN Edition) "This was not the secret you were looking for..." – Azure, after leaking your KeyVault like a broken Death Star exhaust port. Trust in the cloud, you must. But audit your logs, you should. #thecloudpod #KeyVault #episode312 https://www.thecloudpod.net/?p=21154
marandisMar 16

If you use account keys or connection strings to access Azure resources, there is a better way!

User Assigned Managed Identities (#UAMI) are more secure and less work to "manage", because you really don't have to maintain them once they are setup.

In this demo we setup connectivity from an #AppService to an Azure #KeyVault and #StorageAccount using UAMI's, showing the .Net code changes required to successfully connect to multiple resources. It isn't difficult!

https://www.youtube.com/watch?v=1W1-1vRRId8

Connect to an Azure service via User Assigned Managed Identities

YouTube
mvuJan 29

So I've been trying to figure out the answer to a theoretical problem: what would I do if I was in a foreign country and had my phone and laptop seized / stolen?

I'm not too concerned about the shit on them, but nowadays everything is 2FA. Even my password manager needs second factor auth on a new device, and the second factor is email which... You guessed it needs a second factor. I feel like I'm one lost device from disaster.

How do you go from zero to re-equipped with your logins without access to your own desk and devices?

Would it be insane to post an encrypted binary blob in like a public git repo? Random webpage? What encryption would be sufficient to confidentiality drop an entire password vault, ssh keys, etc into a public space?

(Encryption not my area of expertise)

#2fa #encryption #passwords #keyvault #multifactor #backups #cybersecurity

 Qiita - 人気の記事Jan 24

【Azure】App Service 証明書の購入で注意すべき点
https://qiita.com/bluesea_nishi/items/2beb4656d286d3e2ba70?utm_campaign=popular_items&utm_medium=feed&utm_source=popular_items

#qiita #Azure #証明書 #AppService #KeyVault

【Azure】App Service 証明書の購入で注意すべき点 - Qiita

0. はじめに本記事ではApp Service 証明書の購入時の注意点をご紹介します。Azure環境でFront DoorやApplication Gatewayなどでカスタムドメインを利用する…

Qiita
Janne MattilaApr 29, 2024
Utilizing Key Vault in Azure Kubernetes Service
https://www.jannemattila.com/azure/2024/04/29/utilizing-key-vault-in-aks.html
#azure #keyvault #aks
Utilizing Key Vault in Azure Kubernetes Service

Janne Mattila’s blog | From programmer to programmer – Programming just for the fun of it

Janne Mattila
Ernesto CianciottaJul 27, 2023
Sensitive data like passwords, connection strings, access keys, etc. should not be included in the source code that is committed in a shared repository. #visualstudio #extension #devops #secrets #keyvault
https://devnotes.ernstc.net/solution-secrets-v20-for-visual-studio
Solution Secrets v2.0 for Visual Studio

Sensitive data like passwords, connection strings, access keys, etc. should not be included in the source code that is committed in a shared repository. Secrets must not be deployed with the apps, too. For developers that use Visual Studio, since man...

Ernesto Cianciotta - Developer Notes
Heath StewartJul 23, 2023

Now that the #golang #AzureSDK for #KeyVault has released v1.0.0, I have updated to it and released v1 of https://pkg.go.dev/github.com/heaths/azcrypto@v1.0.0 : a cryptography client for Key Vault and #ManagedHSM that not only makes it easier to call crypto operations but tries to first cache the public key and do public key operations locally to improve performance and help mitigate throttling.

We have this in our other languages' SDKs but doesn't fit our design goals for #golang, so I wrote it as a separate module.

azcrypto package - github.com/heaths/azcrypto - Go Packages

deltatux Jul 18, 2023
An upcoming talk by #security #researcher at the #BlackHat conference in August will talk about how attackers can leverage manipulated default guest account settings in #AzureAD, and promiscuous connections in #PowerApps to gain access to corporate #SQL servers, #SharePoint sites, #KeyVault secrets & more via an undocumented #API.

#infosec #cybersecurity #azure #AzureAD #Entra #cloudsecurity

https://www.darkreading.com/black-hat/azure-ad-guests-steal-data-microsoft-power-apps
Rogue Azure AD Guests Can Steal Data via Power Apps

A few default guest setting manipulations in Azure AD and over-promiscuous low-code app developer connections can upend data protections.

Dark Reading
Heath StewartJun 29, 2023

My https://github.com/heaths/azcrypto module for easy #Azure #KeyVault and #ManagedHSM crypto operations is now feature-complete and at parity with our other #AzureSDK languages' crypto libraries. It now supports crypto operations locally using a JWK.

Not likely to make it into our official azkeys SDK, but written to our same SDK guidelines.

azkeys will GA soon, and once I upgrade my dependency I plan to GA this module.

GitHub - heaths/azcrypto: Cryptography client for Azure Key Vault SDK for Go

Cryptography client for Azure Key Vault SDK for Go - GitHub - heaths/azcrypto: Cryptography client for Azure Key Vault SDK for Go

GitHub