Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Managing Secrets and Secure Access in Azure Applications #304

Merged
merged 8 commits into from
Jun 28, 2019
Merged

Managing Secrets and Secure Access in Azure Applications #304

merged 8 commits into from
Jun 28, 2019

Conversation

mikhailshilkov
Copy link
Member

@mikhailshilkov mikhailshilkov commented May 24, 2019
edited
Loading

The application consists of several parts:

  • An ASP.NET Application which reads data from a SQL Database and from a file in Blob Storage
  • App Service which host the application. The application binaries are placed in Blob Storage, with Blob Url placed as a secret in Azure Key Vault
  • App Service has a Managed Identity enabled
  • The identify is granted access to the SQL Server, Blob Storage, and Key Vault
  • No secret information is placed in App Service configuration: all access rights are derived from Active Directory

@mikhailshilkov mikhailshilkov changed the title [WIP] Managing Secrets and Secure Access in Azure Applications Managing Secrets and Secure Access in Azure Applications May 28, 2019
lukehoban
lukehoban approved these changes Jun 25, 2019
View reviewed changes
Copy link
Member

@lukehoban lukehoban left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A few comments - but LGTM.

azure-ts-msi-keyvault-rbac/index.ts Outdated Show resolved Hide resolved
azure-ts-msi-keyvault-rbac/index.ts Outdated Show resolved Hide resolved
azure-ts-msi-keyvault-rbac/index.ts Outdated Show resolved Hide resolved
azure-ts-msi-keyvault-rbac/index.ts Outdated Show resolved Hide resolved
azure-ts-msi-keyvault-rbac/index.ts Outdated Show resolved Hide resolved
azure-ts-msi-keyvault-rbac/index.ts Show resolved Hide resolved
@CyrusNajmabadi
Copy link
Contributor

FYI, when you force push, it makes keeping up with the PR hard. Just do normal pushes. We squash anyways when finally comitting, so it ends up the same in github. Thanks!

CyrusNajmabadi
CyrusNajmabadi reviewed Jun 26, 2019
View reviewed changes
azure-ts-msi-keyvault-rbac/webapp/Program.cs
@@ -0,0 +1,23 @@
using System;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

do we have copyright in our example files?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No *.cs files do, so far. Some *.ts have them, some not.

@lukehoban
Copy link
Member

@mikhailshilkov I think we can merge this now. If there's any more feedback we can incorporate later.

@mikhailshilkov
Copy link
Member Author

Merging and starting a blog post on the subject

@mikhailshilkov mikhailshilkov merged commit 7efa703 into pulumi:master Jun 28, 2019
ramene pushed a commit to ramene/pulumi-kubeflow-ml that referenced this pull request Sep 7, 2019
@mikhailshilkov
Merge pull request pulumi#304 from mikhailshilkov/azure-ts-msi-keyvau…
0ac943d 
…lt-rbac

Managing Secrets and Secure Access in Azure Applications
ramene pushed a commit to ramene/pulumi-kubeflow-ml that referenced this pull request Sep 13, 2019
@mikhailshilkov
Merge pull request pulumi#304 from mikhailshilkov/azure-ts-msi-keyvau…
d9943ea 
…lt-rbac

Managing Secrets and Secure Access in Azure Applications
dixler pushed a commit that referenced this pull request Jan 21, 2022
@mikhailshilkov
Merge pull request #304 from mikhailshilkov/azure-ts-msi-keyvault-rbac
261e98f 
Managing Secrets and Secure Access in Azure Applications
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lukehoban lukehoban lukehoban approved these changes

@CyrusNajmabadi CyrusNajmabadi CyrusNajmabadi left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@mikhailshilkov @CyrusNajmabadi @lukehoban