I did some work with a customer last week to integrate Functions with Key Vault without using the public IP of the Key Vault. This setup worked perfectly, although there were a couple of steps involved. To document those steps, I decided to write this post. In this post we’ll build a new Azure Function […]
Tag: security
Accessing Key Vault Secrets in Kubernetes using the Key Vault CSI driver
When you store secrets in a Kubernetes cluster, by default those are stored in the etcd database within the master nodes. The same is true for secrets stored in an AKS cluster on Azure. The best practice for storing secrets is to store your secrets in KeyVault. Up to now, there was an opensource project […]
Don’t use environment variables in Kubernetes to consume secrets
Managing secrets is a complicated endeavor. Kubernetes has a native secrets implementation, that allows you to store and access secrets from your deployments. A while ago, I read a short free book on Kubernetes Security, by Liz Rice and Michael Hausenblas (apparently O’Reilly calls it a report, but I actually have a hard copy that […]
Using Azure Policy to deny public IPs on specific VNETs
Azure Policy is a powerful tool in your Azure toolbox. It allows you to enforce specific governance principals you want to see implemented in your environment. Some key examples of what Azure Policy allows you to do is: Automatically tag resources, Enforce specific regions, Enforce VM size … I recently ran into a customer scenario, […]