Azure Key Vault is one of my favourite services, competing for first place with Azure Functions. And .NET Core is my favorite framework for writing applications. Imagine, then, my suprise when I found out that my favorite tools can now work together! Azure Key Vault is a cloud service for storing sensitive "secrets" and (encryption) "keys". Key Vault is simple, easy and indispensible when developing secure applications. It helps avoid the complexity of storing sensitive information in configuration files. This can be API passwords, database connections strings etc. You get the point! Previous solutions where convoluted and complex and often …[read more]
Showing all posts tagged: 'security'
A 9-post collection
I like shiny new things. And when you work in tech, shiny new things are easy to acquire. Just switch to the new alpha/beta channel for your favourite toolset and you're sorted. However, all this comes with a massive disclosure: things can quite frequently go horribly wrong. But I love the excitement of trying new features and I'm quite happy to overlook any broken bits. I also do my best to report back to the developers. And for a long time I managed to ride the (innovation) wave without major issues. Ok, I had to reinstall things from time …[read more]
A couple of weeks ago I had the fortune to speak at CodeCraftCon in Glasgow, UK. How very fortunate as the venue was only 15 mins away from where I live! But this was not the only reason why the event was such a success. The conference was great, the location fantastic, the food extremely tasty and the overall outcome exceeded people's expectations. I greatly applaud and support events like this which can benefit the local developer community. CodeCraftCon was the first event I attended that the format was wildly different to what most of us are used to when …[read more]
Today I decided to talk about security, just because it's one of the subjects I really enjoy. I hope you'll find this informative. In recent days, there's a lot of noise on the interwebs about fingerprint security and how it can be easily compromised. Recent examples can be found here, here and here. It all started when Apple made fingerprint authentication a commodity with the introduction of Touch ID on iPhone 5. Subsequently, other phone manufacturers followed and today there are many high-end devices with a fingerprint scanner. Security researchers expect that by 2019 over 50% of smartphones will have …[read more]
The PasswordUtility API is one of the pet projects I've been working on for a while. Today I'm delighted to announce that the project goes to public availability. The solution hosted in Azure (where else?) and consists of 2 parts: A public facing website where you can test the API features A public API to use in your applications. The project is fully Open Source and it's driven by the PasswordUtility library hosted on GitHub and readily available to download from NuGet. If you're interested in knowing how the library works, I've put together a nice write up on GitHub. …[read more]
Azure Key Vault is a new(ish) service offered by the Azure team. This Platform-as-a-Service (PaaS) feature, now in general availability(GA), allows you to securely manage and protect cryptographic keys and secrets which can be used by cloud-enabled applications and services. There are 2 compelling reasons why someone may choose to use Azure Key Vault: It can be used to encrypt keys and secrets (authorisation keys, storage account keys, data encryption keys, etc) using the keys that are stored within the Azure Key Vault service and are protected by Hardware Security Modules (HMS). Alternatively, the stored keys can be …[read more]