Best Practices – Azure – Security best practices for Certificates and Client secret keys of applications in Azure Active Directory

fig : Azure Active Directory admin center - App registrations - Certificates and secrets

Hi All,

Greetings for the day!!!

Today, on Knowledge Junction we are introducing a new section – “Best Practices”.

In this article I’ll discuss best practices related to “Certificates and Client secret keys of applications in Azure Active Directory”.

For our applications in Azure AD we use credentials – certificates and client secrets. We can add certificates and/or client secrets (a string, also known as passwordCredentials) as credentials to our app registration.

fig : Azure Active Directory admin center - App registrations - Certificates and secrets

Best Practices

  • Certificates and secret keys are the credentials of an application in Azure AD.
  • We should always use certificate credentials rather than password / secret credentials – use x509 certificates as the credential type for obtaining tokens for an application.
  • We should use Key Vault to store client secret keys.
  • If possible, use Key Vault with managed identities to manage credentials for an application – we have a separate article series on how to use managed identities –
  • We should not share credentials across multiple applications.
  • We shouldn’t keep many credentials for one application.
  • Make sure that no credentials are committed to code repositories.
  • Use a code scanner tool to scan the code – such a tool detects credentials, secrets, certificates, and other sensitive content in your source code and your build output. We will discuss code scanners in a separate article.
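To make the second point concrete, here is an added example (my own, not code from the article or from Microsoft) showing what a certificate credential actually does on the wire: the app never sends the certificate's private key or a reusable secret string; it signs a short-lived JWT "client assertion" with the key and Azure AD checks that signature against the certificate registered on the app. The script assumes a POSIX sh with the OpenSSL CLI available; the certificate is a locally generated self-signed stand-in, and the tenant id and app (client) id are constructed placeholders, so nothing here talks to Azure.

```shell
#!/bin/sh
# Added example (not from the original article): build and verify the RS256-signed
# client assertion that an Azure AD app presents when it authenticates with an
# x509 certificate instead of a client secret. Everything is generated locally.
set -eu

WORK="${TMPDIR:-/tmp}/aad-cert-demo.$$"
mkdir -p "$WORK"
trap 'rm -rf "$WORK"' EXIT

# base64url = base64 without padding, '+' -> '-', '/' -> '_'
b64url() { openssl base64 -A | tr '+/' '-_' | tr -d '='; }

# inverse of b64url: restore '+' '/' and padding, then decode ($1 = encoded text)
b64url_decode() {
  s=$(printf '%s' "$1" | tr '_-' '/+')
  while [ $(( ${#s} % 4 )) -ne 0 ]; do s="$s="; done
  printf '%s' "$s" | openssl base64 -d -A
}

# 1. A self-signed certificate standing in for the credential uploaded to the app
#    registration. In a real deployment the private key lives in Key Vault or an HSM.
make_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
    -subj "/CN=demo-app-credential" \
    -keyout "$WORK/app.key" -out "$WORK/app.crt" 2>/dev/null
  openssl x509 -in "$WORK/app.crt" -pubkey -noout > "$WORK/app.pub"
}

# 2. The x5t header: base64url of the SHA-1 thumbprint of the DER-encoded certificate,
#    which lets Azure AD pick the matching certificate registered on the app.
thumbprint_x5t() {
  openssl x509 -in "$WORK/app.crt" -outform DER | openssl dgst -sha1 -binary | b64url
}

# 3. Build the assertion. $1 = tenant id, $2 = app (client) id (both placeholders here).
#    Claims follow the v2.0 token endpoint contract: aud, iss, sub, jti, nbf, exp.
make_assertion() {
  tenant="$1"; app="$2"
  now=$(date +%s)
  exp=$((now + 600))             # short-lived: ~10 minutes, then it is useless to a thief
  jti=$(openssl rand -hex 16)    # unique id so a captured assertion cannot be replayed
  header=$(printf '{"alg":"RS256","typ":"JWT","x5t":"%s"}' "$(thumbprint_x5t)" | b64url)
  payload=$(printf '{"aud":"https://login.microsoftonline.com/%s/oauth2/v2.0/token","iss":"%s","sub":"%s","jti":"%s","nbf":%s,"exp":%s}' \
    "$tenant" "$app" "$app" "$jti" "$now" "$exp" | b64url)
  sig=$(printf '%s.%s' "$header" "$payload" | openssl dgst -sha256 -sign "$WORK/app.key" | b64url)
  printf '%s.%s.%s' "$header" "$payload" "$sig"
}

# 4. What the token endpoint does: verify the signature with the certificate's public key.
#    Returns 0 when the assertion is intact, non-zero when it was tampered with.
verify_assertion() {
  jwt="$1"
  signing_input=${jwt%.*}
  b64url_decode "${jwt##*.}" > "$WORK/sig.bin"
  printf '%s' "$signing_input" | \
    openssl dgst -sha256 -verify "$WORK/app.pub" -signature "$WORK/sig.bin" >/dev/null 2>&1
}

# Decode the claims of an assertion for inspection ($1 = jwt)
assertion_claims() {
  mid=${1#*.}; mid=${mid%.*}
  b64url_decode "$mid"
}

# Run with:  sh this_script.sh --demo
if [ "${1:-}" = "--demo" ]; then
  make_cert
  jwt=$(make_assertion "00000000-0000-0000-0000-000000000000" "11111111-1111-1111-1111-111111111111")
  echo "assertion: $jwt"
  echo "claims:    $(assertion_claims "$jwt")"
  verify_assertion "$jwt" && echo "signature: OK"
fi
```

The contrast with a client secret is the whole point of the best practice: a leaked secret is a long-lived bearer string that works from anywhere until it is rotated, whereas a leaked assertion expires within minutes, is bound to one token endpoint through `aud`, and cannot be minted again without the private key.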

References

Thanks for reading ! If it's worth at least reading once, kindly please like and share !!! SHARING IS CARING 🙂

Enjoy the beautiful life !!! Have FUN !!! HAVE A SAFE LIFE !!! TAKE CARE 🙂

Prasham Sabadra

LIFE IS VERY BEAUTIFUL :) ENJOY THE WHOLE JOURNEY :) Founder of Knowledge Junction and live-beautiful-life.com, Author, Learner, Passionate Techie, avid reader. Certified Professional Workshop Facilitator / Public Speaker. Scrum Foundation Professional certificated. Motivational, Behavioral , Technical speaker. Speaks in various events including SharePoint Saturdays, Boot camps, Collages / Schools, local chapter. Can reach me for Microsoft 365, Azure, DevOps, SharePoint, Teams, Power Platform, JavaScript.


1 Response

  1. September 12, 2022

    […] In one of my previous articles we discussed best practices for Certificates and Client secret keys of applications in Azure Active Directory – https://knowledge-junction.com/2022/09/09/best-practices-azure-security-best-practices-for-certifica… […]
