In our previous article, Azure Resource Manager Templates – Securing your Parameters with KeyVault, we used KeyVault to safely store production secrets. In large teams you may have multiple people deploying resources but don’t want to give them access to the actual secrets inside the vault. You can achieve this by creating a custom role that only gives access to the KeyVault for deployment purposes. The deployment user cannot read the secrets within.
You should never keep any confidential configuration information in an application configuration file. This includes injecting sensitive information via web transformation files. Adding sensitive values via the AppService settings is not ideal either.
In all these cases you may leak sensitive information, for example via your source control. Anyone with access to your subscription could also get those secrets.
Certificates have various uses in AppServices. The most obvious one is to enable SSL for your application. Another use is to authenticate towards Azure KeyVault to retrieve confidential values.
In this post we will be uploading a certificate to KeyVault. Then we will deploy it to an AppService with Azure Resource Manager. Finally we will set a custom domain binding to use the certificate for SSL.
Storing secret information such as parameters in resource template files is not recommended. Often ARM templates are checked into source control. Now everyone has access to your confidential information.
Using parameters that are not checked into source control is one option. Azure offers a better option through its secure data store, KeyVault. Think of it as a vault for secrets of any type.
This article will show you how to deploy a basic website with a database to Azure. It will use Resource Manager templates. Check out the article on Resource Manager basics if you are unfamiliar.
In our introduction to Azure Resource Manager Templates we wrote a template from scratch. Whenever we used a name for a resource we had to use the full name. Imagine having to change this value. Sure, you could find and replace all instances, but we all know how this could go wrong.
In our industry we have gotten used to an exponential rate of development and progress. The Azure family is no different and it’s easy to get lost. In this article we’re going to go through the basics of managing Azure via PowerShell.
Azure PowerShell vs. AzureRM PowerShell
Microsoft Azure PowerShell Module is the first version Microsoft released. It’s based on the old management portal and uses its terminology. Azure PowerShell before 1.0 used these modules. Going forward, Azure Resource Manager (ARM) technology is the common basis. Both the new portal and Azure PowerShell v1.0+ use ARM. I recommend focussing on AzureRM modules wherever possible.