Managing Secrets for Azure Apps

Play Managing Secrets for Azure Apps
Sign in to queue


Every serious app you deploy on Azure has critical secrets – connection strings, certificates, keys. Silly mistakes in managing these lead to fatal consequences – leaks, outages, compliance violations. As multiple recent surveys point out, silly mistakes cause 4 times more data breaches than adversaries. In this session we will go over some best practices to manage your important app secrets. These may seem like common sense, yet a lot of developers neglect them. We will also go over how to leverage Azure Key Vault to implement those best practices. As an added benefit, following these practices will also help you demonstrate compliance with standards such as SOC. The first ten minutes of the session are level 100 and they apply to any cloud app you develop on any platform. The remainder is level 200-300 and focuses on apps you build on the Azure platform.


Azure, Security



Session Type:






The Discussion

  • User profile image

    Where can we get the scripts for this video demo?

  • User profile image

    Found the scripts where you expose them at the end of the video. Thanks much!

  • User profile image

    Great video - are there any patterns to rotate/create Shared Access Keys and persist them to KeyVault? Believe that there could be a lot of value in managing Shared Access Keys through KeyVault so that way the app owner doesn't see or manage them (instead, provide access via certificates).

  • User profile image

    Create introduction what you can do with key-vault and how to use it. This was also the first video/docu I have seen which explain how a VM is actually able to read a value from the key-store and that it gets placed on the OS-Disk, thanks a lot for this information!

Add Your 2 Cents