madsd@microsoft · store the new secret in a secured location (such as azure key vault) and out of...
TRANSCRIPT
![Page 2: madsd@microsoft · Store the new secret in a secured location (such as Azure Key Vault) and out of GitHub Do not publicly share or expose the new secret Remove the published secret](https://reader033.vdocuments.net/reader033/viewer/2022060518/604c309805f92b0e404be4af/html5/thumbnails/2.jpg)
What is a Secret?
![Page 3: madsd@microsoft · Store the new secret in a secured location (such as Azure Key Vault) and out of GitHub Do not publicly share or expose the new secret Remove the published secret](https://reader033.vdocuments.net/reader033/viewer/2022060518/604c309805f92b0e404be4af/html5/thumbnails/3.jpg)
What is the problem?
![Page 4: madsd@microsoft · Store the new secret in a secured location (such as Azure Key Vault) and out of GitHub Do not publicly share or expose the new secret Remove the published secret](https://reader033.vdocuments.net/reader033/viewer/2022060518/604c309805f92b0e404be4af/html5/thumbnails/4.jpg)
![Page 5: madsd@microsoft · Store the new secret in a secured location (such as Azure Key Vault) and out of GitHub Do not publicly share or expose the new secret Remove the published secret](https://reader033.vdocuments.net/reader033/viewer/2022060518/604c309805f92b0e404be4af/html5/thumbnails/5.jpg)
Dude, we are serious…
5
![Page 6: madsd@microsoft · Store the new secret in a secured location (such as Azure Key Vault) and out of GitHub Do not publicly share or expose the new secret Remove the published secret](https://reader033.vdocuments.net/reader033/viewer/2022060518/604c309805f92b0e404be4af/html5/thumbnails/6.jpg)
Introducing Managed Identities
![Page 7: madsd@microsoft · Store the new secret in a secured location (such as Azure Key Vault) and out of GitHub Do not publicly share or expose the new secret Remove the published secret](https://reader033.vdocuments.net/reader033/viewer/2022060518/604c309805f92b0e404be4af/html5/thumbnails/7.jpg)
Looking at the bigger picture
![Page 8: madsd@microsoft · Store the new secret in a secured location (such as Azure Key Vault) and out of GitHub Do not publicly share or expose the new secret Remove the published secret](https://reader033.vdocuments.net/reader033/viewer/2022060518/604c309805f92b0e404be4af/html5/thumbnails/8.jpg)
Managed Identity Architecture
AppSvc/VM/…
Azure Service
(e.g., ARM, Key Vault)Your code
Local token
service
Credentials
1
2
3
Azure (inject and roll credentials)
![Page 9: madsd@microsoft · Store the new secret in a secured location (such as Azure Key Vault) and out of GitHub Do not publicly share or expose the new secret Remove the published secret](https://reader033.vdocuments.net/reader033/viewer/2022060518/604c309805f92b0e404be4af/html5/thumbnails/9.jpg)
Azure Services supporting MSI
![Page 10: madsd@microsoft · Store the new secret in a secured location (such as Azure Key Vault) and out of GitHub Do not publicly share or expose the new secret Remove the published secret](https://reader033.vdocuments.net/reader033/viewer/2022060518/604c309805f92b0e404be4af/html5/thumbnails/10.jpg)
Azure Services supporting AAD Auth
![Page 14: madsd@microsoft · Store the new secret in a secured location (such as Azure Key Vault) and out of GitHub Do not publicly share or expose the new secret Remove the published secret](https://reader033.vdocuments.net/reader033/viewer/2022060518/604c309805f92b0e404be4af/html5/thumbnails/14.jpg)
![Page 15: madsd@microsoft · Store the new secret in a secured location (such as Azure Key Vault) and out of GitHub Do not publicly share or expose the new secret Remove the published secret](https://reader033.vdocuments.net/reader033/viewer/2022060518/604c309805f92b0e404be4af/html5/thumbnails/15.jpg)
![Page 17: madsd@microsoft · Store the new secret in a secured location (such as Azure Key Vault) and out of GitHub Do not publicly share or expose the new secret Remove the published secret](https://reader033.vdocuments.net/reader033/viewer/2022060518/604c309805f92b0e404be4af/html5/thumbnails/17.jpg)
![Page 18: madsd@microsoft · Store the new secret in a secured location (such as Azure Key Vault) and out of GitHub Do not publicly share or expose the new secret Remove the published secret](https://reader033.vdocuments.net/reader033/viewer/2022060518/604c309805f92b0e404be4af/html5/thumbnails/18.jpg)
© 2017 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other
countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to
changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the
date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.