Leave a Reply

6 Comments on "ASP.NET Monsters #107: Azure Key Valut"

Notify of
avatar

stimms
Guest
stimms
12 days 7 hours ago

@Wobble: oh look at that – thanks, I’ve fixed it.

Wobble
Guest
Wobble
12 days 8 hours ago

There's a typo in the title of this video. *VaultMight help search engines when people are searching for this topic.

stimms
Guest
stimms
13 days 2 hours ago

@Tony: I must say I hadn’t considered that. It is possible to build cryptographic systems such that not even the designer can read the secrets – in fact, I’d say it is fundamental to such a system. Personally, I find it pretty unlikely that THE MAN is interested in decrypting the keys I’m using to store credentials for my recipe collection. As with all things here is the related XKCD comic xkcd.com/538/

stimms
Guest
stimms
13 days 3 hours ago

@MaheshkMSFT: Thanks for the tip. Using certificates makes a lot more sense than securing passwords with other passwords. I’ll have to dig into this a bit more and do a followup video. 

Tony
Guest
Tony
13 days 3 hours ago
To me, the primary reason for Azure KeyVault is a service to government officials for decrypting and access data when needed.Rather than every customer come up with their own scheme of storing this secret information, customers are encouraged to store their secrets in such a manner that makes it easier for Microsoft and/or government officials to access said secrets and related data. This makes access much easier in that there is one standard place to look and there is no need to try and figure out the seemingly endless and obscure methods used by many customers.In addition, but secondary, Azure… Read more »
MaheshkMSFT
Guest
MaheshkMSFT
14 days 3 hours ago
Hi, It is great to see this video on Key Vault. When using Key Vault to store app secrets for production applications, it is recommended to use X509 cert based authentication. This video shows a client_id+secret based authentication. This beats the whole purpose of using key vault, because the secret to authenticate AAD is available in clear in the app.config file. Available Key Vault sample applications show how to do X509 based auth. This has an example in .NET.github.com/Azure/azure-sdk-for-net/blob/psSdkJson6/src/SDKs/KeyVault/dataPlane/Microsoft.Azure.KeyVault.Samples/samples/HelloKeyVault/Program.csIn the .NET example please search for "FindCertificateByThumbprint" function. This will show the X509 portion.Ps:- The above information has been shared by… Read more »
wpDiscuz