Basic programming, .NET technology.

[Part 2] - Practice Azure services - Enhance security by using Key Vault and App Configuration

Scenario

In the previous post, we used a shared key to establish a connection to an Azure storage account (including Table storage and Blob storage) and SQL Database. This method can lead to security vulnerabilities. To enhance the security of our application, we can leverage App Configuration along with Azure Key Vault. This post illustrates how to integrate these services into our current application.

Let's get started.

Overview architecture


The app now functions similarly to what was described in the earlier post. The difference is that we now save the connection string (shared key) for the storage account and SQL Database in Key Vault, and the configurations are managed in App Configuration instead of relying on the environment variables of Azure App Service. When the API starts up, it will load the configuration from an additional configuration provider, which is App Configuration, with the values sourced from Key Vault.

Set up Azure services

If you're unsure how to set up Azure App Configuration and Azure Key Vault, you can refer to these Microsoft articles:

Quickstart: Create an Azure App Configuration store | Microsoft Learn

Tutorial for using Azure App Configuration Key Vault references in an ASP.NET Core app | Microsoft Learn

You need all of the information below before proceeding to the next step.

Key Vault and new secrets


App configuration


Activate Managed Identity for the API



Note the Object (principal) ID; you will use it in the next step.

Grant your API / local dev account access to Key Vault

Azure role-based access control: "Key Vault Secrets User"/"Key Vault Administrator"


Modify code

You can use the code sample from the previous post.

Add one more extension class that adds Azure App Configuration to the provided configuration builder.


Modify "Program.cs" file
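
The extension class and the Program.cs call described in the two steps above, as an added example rather than the post's own code. The class and method names are hypothetical, and it assumes the Microsoft.Extensions.Configuration.AzureAppConfiguration and Azure.Identity NuGet packages are installed.

```csharp
// Added example (not the original post's code).
using System;
using Azure.Identity;
using Microsoft.Extensions.Configuration;

public static class AppConfigurationExtensions // hypothetical class name
{
    // Config key named in the post's "Run locally" step.
    private const string ConnectionStringKey = "appConfig:ConnectionString";

    // Hypothetical method name. Registers Azure App Configuration as an
    // additional provider and lets it resolve Key Vault references.
    public static IConfigurationBuilder AddAppConfigurationWithKeyVault(
        this IConfigurationBuilder builder)
    {
        // Read the key from the providers registered so far
        // (appsettings.json, App Service environment variables, ...).
        IConfiguration current = builder.Build();
        string? connectionString = current[ConnectionStringKey];

        // Fail at startup instead of running without the secrets.
        if (string.IsNullOrWhiteSpace(connectionString))
        {
            throw new InvalidOperationException(
                $"Missing configuration key '{ConnectionStringKey}'.");
        }

        return builder.AddAzureAppConfiguration(options =>
        {
            options.Connect(connectionString)
                   .ConfigureKeyVault(kv =>
                   {
                       // Managed identity on App Service; the signed-in
                       // developer account (Visual Studio, az login) locally.
                       // Either identity needs the Key Vault role granted above.
                       kv.SetCredential(new DefaultAzureCredential());
                   });
        });
    }
}

// Program.cs: call it before any service reads its configuration.
//   var builder = WebApplication.CreateBuilder(args);
//   builder.Configuration.AddAppConfigurationWithKeyVault();
```

The App Configuration connection string contains an access key of its own, so keep the "appConfig:ConnectionString" value out of source control.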


Run locally

Change the value of the config key "appConfig:ConnectionString".
Run the API from Visual Studio. If it runs successfully, deploy it to Azure App Service.

Deploy new changes to Azure App Service

Check API

Environment variables of App service


API Swagger - OK: this means the app can interact with App Configuration and Key Vault



Over to you: When to use the App Configuration and Key Vault and what are pros and cons?