Best Practices – Azure – Security best practices for Certificates and Client secret keys of applications in Azure Active Directory

fig : Azure Active Directory admin center - App registrations - Certificates and secrets

Hi All,

Greetings for the day!!!

Today, on Knowledge Junction we are introducing a new section – “Best Practices”.

In this article I’ll discuss best practices related to “Certificates and Client secret keys of applications in Azure Active Directory”.

For our applications in Azure AD we use Credentials – Certificates and Client secrets. We can add certificates and/or client secrets (a string, also known as passwordCredentials) as credentials to our app registration.

fig : Azure Active Directory admin center - App registrations - Certificates and secrets

Best Practices

  • Certificates and secret keys are the credentials of an application in Azure AD
  • We should always use certificate credentials rather than password / secret credentials – use X.509 certificates as the credential type for getting tokens for an application
  • We should use Key Vault to store client secret keys
  • If possible, use Key Vault with managed identities to manage credentials for an application – we have a separate article series on how to use managed identities –
  • We should not share credentials across multiple applications
  • We shouldn’t have many credentials for one application
  • Make sure that no credentials are committed to code repositories
  • Use a code scanner tool to scan the code – such a tool detects credentials, secrets, certificates and other sensitive content in your source code and your build output. We will discuss code scanners in a separate article.
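The list above can be turned into a repeatable check. The script below is an added example, not code from the article or from Microsoft; it audits app registration objects in the shape Microsoft Graph returns for `GET /applications` (the `passwordCredentials` and `keyCredentials` collections) and flags apps that still use client secrets, carry more credentials than a chosen limit, have expired or soon-expiring credentials, or share one certificate (matched on `customKeyIdentifier`, the thumbprint) across several apps. The three application records, the thumbprint values and the audit date are constructed sample data, not a real tenant; in practice you would feed it the JSON from Graph.

```python
"""Audit Azure AD app registration credentials against the best practices above.

Added example (not the blog's or Microsoft's code). Input objects follow the
Microsoft Graph application shape; SAMPLE_APPS below is constructed test data.
"""
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed audit date (the article's publication day), fixed so results are reproducible.
AUDIT_TIME = datetime(2022, 9, 9, tzinfo=timezone.utc)

# Constructed sample data shaped like Graph application objects. Thumbprints and ids are fake.
SAMPLE_APPS = [
    {
        "appId": "11111111-1111-1111-1111-111111111111",
        "displayName": "payroll-api",
        "passwordCredentials": [],
        "keyCredentials": [
            {"keyId": "k-1", "type": "AsymmetricX509Cert", "usage": "Verify",
             "customKeyIdentifier": "QUJDREVG", "endDateTime": "2030-01-01T00:00:00Z"},
        ],
    },
    {
        "appId": "22222222-2222-2222-2222-222222222222",
        "displayName": "legacy-batch",
        "passwordCredentials": [
            {"keyId": "p-1", "displayName": "old", "endDateTime": "2022-01-01T00:00:00Z"},
            {"keyId": "p-2", "displayName": "prod", "endDateTime": "2022-09-20T00:00:00Z"},
            {"keyId": "p-3", "displayName": "new", "endDateTime": "2024-01-01T00:00:00Z"},
        ],
        "keyCredentials": [],
    },
    {
        "appId": "33333333-3333-3333-3333-333333333333",
        "displayName": "reporting-job",
        "passwordCredentials": [],
        "keyCredentials": [
            # Same thumbprint as payroll-api: one certificate reused by two apps.
            {"keyId": "k-2", "type": "AsymmetricX509Cert", "usage": "Verify",
             "customKeyIdentifier": "QUJDREVG", "endDateTime": "2030-01-01T00:00:00Z"},
        ],
    },
]


def _parse_time(value):
    # Graph returns ISO 8601 with a trailing "Z"; fromisoformat only accepts it on 3.11+.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def audit_apps(apps, now, max_credentials=2, expiry_window_days=30):
    """Return (displayName, finding code, detail) tuples for every violation found."""
    findings = []
    window = timedelta(days=expiry_window_days)
    cert_owners = defaultdict(set)  # thumbprint -> apps that present that certificate

    for app in apps:
        name = app.get("displayName") or app.get("appId")
        secrets = app.get("passwordCredentials", [])
        certs = app.get("keyCredentials", [])

        # Best practice: certificates rather than client secrets.
        if secrets:
            findings.append((name, "USES_CLIENT_SECRET",
                             f"{len(secrets)} client secret(s); prefer a certificate"))

        # Best practice: not many credentials on one application.
        total = len(secrets) + len(certs)
        if total > max_credentials:
            findings.append((name, "TOO_MANY_CREDENTIALS",
                             f"{total} credentials, limit {max_credentials}"))

        # Expired credentials should be removed; expiring ones need rotation scheduled.
        for cred in secrets + certs:
            end = _parse_time(cred["endDateTime"])
            if end <= now:
                findings.append((name, "EXPIRED_CREDENTIAL", f"{cred['keyId']} expired {end.date()}"))
            elif end - now <= window:
                findings.append((name, "EXPIRING_CREDENTIAL", f"{cred['keyId']} expires {end.date()}"))

        # Best practice: no credential shared across applications. Graph never returns the
        # secret value, so only certificate reuse (same thumbprint) is detectable here.
        for cert in certs:
            thumbprint = cert.get("customKeyIdentifier")
            if thumbprint:
                cert_owners[thumbprint].add(name)

    for thumbprint, owners in cert_owners.items():
        if len(owners) > 1:
            findings.append((", ".join(sorted(owners)), "SHARED_CERTIFICATE",
                             f"thumbprint {thumbprint} used by {len(owners)} apps"))
    return findings


def run_sample_audit():
    """Audit the constructed sample tenant at the fixed audit date."""
    return audit_apps(SAMPLE_APPS, AUDIT_TIME)


if __name__ == "__main__":
    for name, code, detail in run_sample_audit():
        print(f"{code:22} {name:30} {detail}")
```

Running it on the sample data reports nothing for `payroll-api` on its own, four findings for `legacy-batch` (secrets in use, three credentials, one expired, one expiring within 30 days) and one shared-certificate finding naming both `payroll-api` and `reporting-job`. Because Graph never returns secret values, reuse of a client secret across apps cannot be detected from the directory at all, which is one more reason to prefer certificates, whose thumbprints are visible.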

References

Thanks for reading! If it’s worth at least reading once, kindly please like and share!!! SHARING IS CARING 🙂

Enjoy the beautiful life !!! Have a FUN !!! HAVE A SAFE LIFE !!! TAKE CARE 🙂

Prasham Sabadra

LIFE IS VERY BEAUTIFUL. ENJOY THE WHOLE JOURNEY :) Founder of Microsoft 365 Junction, Speaker, Author, Learner, Developer, Passionate Techie. Certified Professional Workshop Facilitator / Public Speaker. Believe in knowledge sharing. Around 20+ years of total IT experience and 17+ years of experience in SharePoint and Microsoft 365 services Please feel free me to contact for any SharePoint / Microsoft 365 queries. I am also very much interested in behavioral (life changing) sessions like motivational speeches, Success, Goal Setting, About Life, How to live Life etc. My book - Microsoft 365 Power Shell hand book for Administrators and Beginners and 100 Power Shell Interview Questions - https://www.amazon.in/Microsoft-Administrators-Beginners-Interview-Questions/dp/9394901639/ref=tmm_pap_swatch_0?_encoding=UTF8&qid=1679029081&sr=8-11

1 Response

  1. September 12, 2022

    […] In my one of the previous article we discussed best practices for Certificates and Client secret keys of applications in Azure Active Directory – https://knowledge-junction.com/2022/09/09/best-practices-azure-security-best-practices-for-certifica… […]
