Managing Azure Secrets on GitHub Repositories

Community Manager

An increasing number of developers across the globe use GitHub to host their projects, and many of them use GitHub public repositories for their open source work. While this is a great way to contribute and leverage the power of the community, it does come with a unique set of responsibilities, particularly around managing credentials and other secrets.

Azure secrets are authentication credentials that should not be made public. Examples include passwords, private keys, database connection strings, and storage account keys that are managed by Azure tenants.

In Azure, we take security very seriously. Azure secrets are considered sensitive and should not be made publicly available. An exposed secret could lead to the compromise of your Azure subscription, your cloud assets, and on-premises assets and data, putting your applications or services at significant risk. To help protect our customers, Azure runs Credential Scanner, also known as CredScan. CredScan monitors all incoming commits on GitHub and checks for specific Azure tenant secrets such as Azure subscription management certificates and Azure SQL connection strings.
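
To catch the same kinds of secrets before a commit is pushed, a local check can scan the added lines of a diff. The sketch below is an added example, not CredScan's code or rules: the two regular expressions, the placeholder filter, the function name scan_diff and the sample diff (with a fake key and password) are all assumptions made for illustration.

```python
import re

# Assumed patterns for illustration only; CredScan's actual rules are not on this page.
RULES = {
    # Storage account keys are 64 random bytes, i.e. 88 base64 characters.
    "azure-storage-account-key": re.compile(r"AccountKey=([A-Za-z0-9+/]{86}==)"),
    # A password assigned in a string that targets an Azure SQL host.
    "azure-sql-connection-string": re.compile(
        r"database\.windows\.net.*?(?:Password|Pwd)\s*=\s*([^;\"'\s]+)", re.I),
}
# Template values that are not real credentials.
PLACEHOLDER = re.compile(r"^[{<\[$%*].*|^(your|my)?_?pass(word)?$|^x+$", re.I)

def scan_diff(diff_text):
    """Return (file, new-file line number, rule) per secret on an added line.
    The matched value itself is never returned, so findings are safe to log."""
    findings, path, lineno = [], None, 0
    for raw in diff_text.splitlines():
        if raw.startswith("+++ "):                      # new-file header
            path = raw[6:] if raw.startswith("+++ b/") else raw[4:]
        elif raw.startswith("@@"):                      # hunk header: @@ -a,b +c,d @@
            lineno = int(re.search(r"\+(\d+)", raw).group(1)) - 1
        elif raw.startswith("+"):                       # added line: scan it
            lineno += 1
            for rule, rx in RULES.items():
                m = rx.search(raw[1:])
                if m and not PLACEHOLDER.match(m.group(1)):
                    findings.append((path, lineno, rule))
        elif raw.startswith(" "):                       # context line
            lineno += 1
    return findings

# Constructed sample input: the key and password below are fake.
FAKE_KEY = "A" * 86 + "=="
SAMPLE_DIFF = """\
--- a/appsettings.json
+++ b/appsettings.json
@@ -3,3 +3,5 @@
   "Logging": "Information",
-  "Storage": "",
+  "Storage": "DefaultEndpointsProtocol=https;AccountName=example;AccountKey=FAKEKEY",
+  "Sql": "Server=tcp:example.database.windows.net,1433;User ID=app;Password=Constructed-Pw-123;",
+  "SqlTemplate": "Server=tcp:example.database.windows.net,1433;User ID=app;Password={your_password};",
   "AllowedHosts": "*"
""".replace("FAKEKEY", FAKE_KEY)

if __name__ == "__main__":
    for finding in scan_diff(SAMPLE_DIFF):
        print(finding)
```

A secret that has already reached a public repository should be treated as exposed and rotated; removing it in a later commit does not take it out of the history.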

 

Read about it in the Azure blog: https://azure.microsoft.com/en-us/blog/managing-azure-secrets-on-github-repositories/
