HOW-TO: Deploy AKS with POD Managed Identity and CSI using Terraform and Azure Pipeline
Today as we develop and run application in AKS, we do not want credentials like database connection strings, keys, or secrets and certificates exposed to the outside world where an attacker could take advantage of those secrets for malicious purposes. Our application should be designed to protect customer data. AKS documentation describes in detail security best practiceHow-To: Deploy Microservice Application with Secrets Store CSI Driver Using Helm Chart
In the last blog we discussed AKS Pod Identity and how we utilize this feature in our application and establish a secure access to Azure resources using Azure SDK libraries. One of disadvantage of using Pod Identity is in case of existing workload that use K8s secrets. If developer wants to adapt pod Identity instead of using K8s secrets, then developer will need to refactor the existing code and add Azure Key Vault libraries to retrieve secrets from KV.How-To: Deploy Microservice Application with Pod Identity Using Helm Chart
Pod Identity is a feature allows applications deployed to communicate with AAD, request a token then use the token to access Azure resources. The blog will discuss how to deploy apps and use Pod Identity to access azure resources using Helm ChartSecure Application Lifecycle - Part 1 - Using CredScan
It is important to frequently perform and install security validations on applications. There are two important aspects for these security validations. First, developer should be able to detect any credentials or secrets in the code and be able to perform frequent security health checks on azure subscriptions. In this series, I will go over very useful tools which help to improve the security of application and cloud resourcesPreventing Leaked Azure Secrets in GitHub!
Did you ever push password or secrets creds to Github by accident? Did you ever wish if there is a way to block your commit or warning you that there are sensitive creds in your code? Good News if you did not know there are git hooks that preventing this type of leakProtect and Secure Cloud-based Applications using Azure MFA
We're going to talk about enabling MFA for applications that are accessed over the internet. This will force users accessing the application from the internet to authenticate with their primary credentials as well as a secondary using Azure MFA.Quick Start with Azure Resources Graph and Python API
Hello, Everyone! Did ever want to get Azure resources’ s information across hundreds of subscriptions very quick without the need to looping through each subscription? Did you ever try Resources Graph explorer? Or wondered how can we do it programmatically?
