madsd@microsoft · store the new secret in a secured location (such as azure key vault) and out of...

[email protected]

Upload: others

Post on 14-Oct-2020

3 views

Category:

Documents

0 download

Report

Download

Embed Size (px):

TRANSCRIPT

Page 1: madsd@microsoft · Store the new secret in a secured location (such as Azure Key Vault) and out of GitHub Do not publicly share or expose the new secret Remove the published secret

[email protected]

mailto:[email protected]

Page 2: madsd@microsoft · Store the new secret in a secured location (such as Azure Key Vault) and out of GitHub Do not publicly share or expose the new secret Remove the published secret

What is a Secret?

Page 3: madsd@microsoft · Store the new secret in a secured location (such as Azure Key Vault) and out of GitHub Do not publicly share or expose the new secret Remove the published secret

What is the problem?

Page 4: madsd@microsoft · Store the new secret in a secured location (such as Azure Key Vault) and out of GitHub Do not publicly share or expose the new secret Remove the published secret

Page 5: madsd@microsoft · Store the new secret in a secured location (such as Azure Key Vault) and out of GitHub Do not publicly share or expose the new secret Remove the published secret

Dude, we are serious…

Page 6: madsd@microsoft · Store the new secret in a secured location (such as Azure Key Vault) and out of GitHub Do not publicly share or expose the new secret Remove the published secret

Introducing Managed Identities

Page 7: madsd@microsoft · Store the new secret in a secured location (such as Azure Key Vault) and out of GitHub Do not publicly share or expose the new secret Remove the published secret

Looking at the bigger picture

Page 8: madsd@microsoft · Store the new secret in a secured location (such as Azure Key Vault) and out of GitHub Do not publicly share or expose the new secret Remove the published secret

Managed Identity Architecture

AppSvc/VM/…

Azure Service

(e.g., ARM, Key Vault)Your code

Local token

service

Credentials

Azure (inject and roll credentials)

Page 9: madsd@microsoft · Store the new secret in a secured location (such as Azure Key Vault) and out of GitHub Do not publicly share or expose the new secret Remove the published secret

Azure Services supporting MSI

Page 10: madsd@microsoft · Store the new secret in a secured location (such as Azure Key Vault) and out of GitHub Do not publicly share or expose the new secret Remove the published secret

Azure Services supporting AAD Auth

Page 11: madsd@microsoft · Store the new secret in a secured location (such as Azure Key Vault) and out of GitHub Do not publicly share or expose the new secret Remove the published secret

https://github.com/madsd/azmon 11

https://github.com/madsd/azmon

Page 12: madsd@microsoft · Store the new secret in a secured location (such as Azure Key Vault) and out of GitHub Do not publicly share or expose the new secret Remove the published secret

https://www.google.com/url?sa=i&source=images&cd=&cad=rja&uact=8&ved=2ahUKEwity5XDk6nbAhVCU1AKHfqSASAQjRx6BAgBEAU&url=https://azure.microsoft.com/en-us/services/key-vault/&psig=AOvVaw0fBbJfjmUwe67_WkJqKdTF&ust=1527622522973799

Page 13: madsd@microsoft · Store the new secret in a secured location (such as Azure Key Vault) and out of GitHub Do not publicly share or expose the new secret Remove the published secret

Page 14: madsd@microsoft · Store the new secret in a secured location (such as Azure Key Vault) and out of GitHub Do not publicly share or expose the new secret Remove the published secret

Page 15: madsd@microsoft · Store the new secret in a secured location (such as Azure Key Vault) and out of GitHub Do not publicly share or expose the new secret Remove the published secret

Page 16: madsd@microsoft · Store the new secret in a secured location (such as Azure Key Vault) and out of GitHub Do not publicly share or expose the new secret Remove the published secret

Page 17: madsd@microsoft · Store the new secret in a secured location (such as Azure Key Vault) and out of GitHub Do not publicly share or expose the new secret Remove the published secret

Page 18: madsd@microsoft · Store the new secret in a secured location (such as Azure Key Vault) and out of GitHub Do not publicly share or expose the new secret Remove the published secret

countries.

The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to

changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the

date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Unacknowledged: An Expose Of The World's Greatest Secret

Vault · VAULT Reduce Cyber Breach Risk from Improper Credential Usage Bomgar Vault™ significantly improves password security for privileged users. Vault includes credential management,

Data: The (Not-So-Secret) Weapon for Mobile Successtwvideo01.ubm-us.net/o1/vault/ADC2013/slides/Suhail_Doshi_ADC 201… · Data: The (Not-So-Secret) Weapon for Mobile Success Suhail

Qualys Cloud Platform...Checkpoint Firewall. On the Login Credentials tab in the record choose A uthentication Vault, Vault Type Thycotic Secret Server, select your vault record and

Pulsonix Vault Users Guide Vault Users...Pulsonix Vault 5 Pulsonix Vault What is the Vault? Pulsonix Vault is a data management system that can help you organise and manage your Pulsonix

Secret Management with Vault (and more) · HCL (HashiCorp Configuration Language) storage* auth + policies secret audit plugin barrier configuration. barrier encryption key master

Oracle Audit Vault & Database Vault

EDUCATE AND INSPIRE YOUR CLASS - World of Coca-Cola€¦ · 1,200 artifacts Explore the myths and legends around the secret formula for Coca-Cola in the Vault of the Secret Formula

VAULT – RULES CHART · landing facing the mat stack. Additional twist results in a VOID vault. Xcel Gold Vault Chart Xcel Platinum Vault Chart Xcel Diamond Vault Chart ... 1.101,

Azure VNet - download.microsoft.com...format certificate to an Azure key vault as a secret, about how to create the Azure key vault secret, please refer to here. Record the “Vault

The Secret Vault of the Queen of Thieves€¦ · 11), a secret entrance she discovered while reconnoitering the temple. She will pick the lock to the grate and climb up before proceeding