|
Quote: To securely access the Key Vault from your applications without exposing the secrets in config files, you can leverage Azure Managed Service Identity (MSI) feature.
Managed Service Identity (MSI) is a feature of Azure Active Directory that provides Azure services with an automatically managed identity in Azure AD. With MSI, Azure services can authenticate with other Azure services that support Azure AD authentication, without requiring you to manage any secrets or credentials.
The process for accessing the Key Vault using MSI can be summarized in the following steps:
Enable the MSI feature for your Azure App Service/Web App: Enable the system assigned identity for your Web App by turning it on in the Identity blade of your Web App.
Add access policy to Key Vault: Once MSI is enabled, navigate to your Key Vault, select the Access policies blade, and add the necessary permissions to allow your Web App to access the Key Vault.
Modify your code to use MSI to authenticate with the Key Vault: In your code, you can use the Azure.Identity NuGet package to authenticate with the Key Vault using the MSI endpoint. Here's some sample code that demonstrates how to access a secret in a Key Vault using MSI:
var credential = new DefaultAzureCredential();
var client = new SecretClient(new Uri("https://{keyvault-name}.vault.azure.net/"), credential);
KeyVaultSecret secret = await client.GetSecretAsync("secret-name");
string secretValue = secret.Value;
|
|
|
|
|
Someone trained the AI bot well. That is what I do when I design the system. I find that "in the wild", a lot of shops don't.
|
|
|
|
|
BernardIE5317 wrote: leverage Azure Managed Service Identity (MSI) feature
This is the proper way to use KeyVault.
There are no solutions, only trade-offs. - Thomas Sowell
A day can really slip by when you're deliberately avoiding what you're supposed to do.
- Calvin (Bill Watterson, Calvin & Hobbes)
|
|
|
|
|
Maybe you shouldn't hide the key, just encrypt it. The apps should know where the keys are and how to decrypt them.
As a real-world example, I need the ability for hundreds of customer desktop apps to be able to utilize one or more FTP resources, and also need the ability to change the credentials for those resources 'on the fly'. Those credentials are actually stored on a publicly accessible website in an XML file with very unassuming names/tags and, of course, encrypted. My 2 cents. 
"Go forth into the source" - Neal Morse
"Hope is contagious"
|
|
|
|
|
I have done that before, but the issue still remains that the decryption key for that still has to be accesible to the app. And thus, accessible by another person.
|
|
|
|
|
I'm not sure that's a concern, in the big picture. If a bad actor has access to any well designed key strategy, you have bigger problems than worrying about the key, no? They would probably have enough access to dis-own you of your system.
|
|
|
|
|
As per generally accepted usage, I put the key content on a yellow sticky note where my computer webcam can see it and route it up to the app. 
|
|
|
|
|
Oh man, but then you gotta add an OCR library to the application, and maybe some Google photo captchas. 
|
|
|
|
|
I may be missing something, but why wouldn't 2 factor authentication work?
Just call me obtuse...
|
|
|
|
|
|
The ancient Greeks figured out that the erth wasn't flat. It's a shame hat the flat-earthers haven't caught up with them.
|
|
|
|
|
NO
I like that one!
modified 30-Mar-23 10:09am.
|
|
|
|
|
|
I guess it was a Freudian slip since I live in FL
|
|
|
|
|
The picture is wrong.
All of them are flat. But only the earth is shown edge on.
|
|
|
|
|
very clever those flat earthers
|
|
|
|
|
We are quite smart. No way you can fool us.
"If we don't change direction, we'll end up where we're going"
|
|
|
|
|
|
Pull out
sketch DRAW
first - letter A
learner L
to start with WITH
WITHDRAWAL
"I have no idea what I did, but I'm taking full credit for it." - ThisOldTony
"Common sense is so rare these days, it should be classified as a super power" - Random T-shirt
AntiTwitter: @DalekDave is now a follower!
|
|
|
|
|
I think the hyphen would throw people off 
In a closed society where everybody's guilty, the only crime is getting caught. In a world of thieves, the only final sin is stupidity. - Hunter S Thompson - RIP
|
|
|
|
|
That's what punctuation is there for!
"I have no idea what I did, but I'm taking full credit for it." - ThisOldTony
"Common sense is so rare these days, it should be classified as a super power" - Random T-shirt
AntiTwitter: @DalekDave is now a follower!
|
|
|
|
|
I'm keen to guess. Does someone with a learner's permit in the UK have an "L" decal on their car?
|
|
|
|
|
Yep, and Hong Kong, India, Ireland, parts of Canadia, Israel, Malaysia, Spain, Oz, NZ, Switzerland, Poland, parts of the USA, ... loads of places!
In Wales, we have a Red 'L' for Learner, Green 'L' for recently passed, Green 'D' for "Disqualified", and Red 'D' for "Drunk"*
* That's a lie: the D is "Dysgwr", the Welsh for "Learner" but you wouldn't know that from the way they drive ... 
"I have no idea what I did, but I'm taking full credit for it." - ThisOldTony
"Common sense is so rare these days, it should be classified as a super power" - Random T-shirt
AntiTwitter: @DalekDave is now a follower!
modified 30-Mar-23 11:54am.
|
|
|
|
|
Not in Minnesota USA anyway. Some families add a rear window sticker stating that there is a Student Driver - but this isn't required by law.
|
|
|
|
|
Nice clue! I even solved it - after I spent a fruitless half hour going down the rabbit hole pulling "out" from "outline" (another synonym of sketch) and getting nowhere. After re-reading the clue I saw "withdraw" as a definition of pull out. I easily got the A from first-letter but was unsure of L for learner, but withdrawal was too good a fit so I checked my guess against your solution. The "-" didn't throw me off, but I was so sure I was cleverly onto something with "outline"!
|
|
|
|
General 
News 
Suggestion 
Question 
Bug 
Answer 
Joke 
Praise 
Rant 
Admin 
Submit an article or tip
