Best Practices – Azure – Security best practices for Certificates and Client secret keys of applications in Azure Active Directory

Hi All,
Greetings for the day!!!
Today, on Knowledge Junction we are introducing a new section – “Best Practices”.
In this article I’ll discuss best practices related to “Certificates and Client secret keys of applications in Azure Active Directory“.
For our applications in Azure AD we use credentials – certificates and client secrets. We can add certificates and/or client secrets (a string, also known as passwordCredentials) as credentials to our app registration.
Best Practices
- Certificates and secret keys are the credentials of an application in Azure AD
- We should always use certificate credentials rather than password/secret credentials – that is, X.509 certificates as the credential type for getting tokens for an application
- We should use Key Vault to store client secret keys
- If possible, use Key Vault with managed identities to manage the credentials of an application – we have a separate article series on how to use managed identities (see References below)
- We should not share credentials across multiple applications
- We shouldn’t have many credentials for one application
- Make sure that no credentials are committed to code repositories
- Use a code scanner tool to scan the code – such a tool detects credentials, secrets, certificates, and other sensitive content in your source code and your build output. We will discuss code scanners in a separate article.
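The first practices above (prefer certificates over secrets, keep few credentials per app) can be checked from the app registration itself. Below is an added example, not code from the original article, that audits the credential lists of an app registration in the shape the Microsoft Graph application object uses (passwordCredentials for client secrets, keyCredentials for certificates, each with keyId and endDateTime). The sample registration, the MAX_CREDENTIALS limit and the 30-day expiry warning are constructed/assumed values for the demo, not Azure defaults.

```python
"""Audit an Azure AD app registration's credentials against the practices above.

Added example (not from the original article). Input is a dict shaped like the
Microsoft Graph `application` object: `passwordCredentials` (client secrets) and
`keyCredentials` (certificates), each entry carrying `keyId` and `endDateTime`.
MAX_CREDENTIALS and EXPIRY_WARNING_DAYS are assumed policy values.
"""
from datetime import datetime, timedelta, timezone

MAX_CREDENTIALS = 2        # assumed policy: at most two live credentials per app
EXPIRY_WARNING_DAYS = 30   # assumed policy: warn when a credential expires within 30 days


def _parse(ts: str) -> datetime:
    # Graph returns ISO-8601 with a trailing 'Z'; normalise so fromisoformat accepts it.
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def audit_app(app: dict, now: datetime) -> list:
    """Return a list of findings for one app registration (empty list = passes)."""
    findings = []
    name = app.get("displayName", app.get("appId", "<unknown>"))
    secrets = app.get("passwordCredentials", [])
    certs = app.get("keyCredentials", [])

    # Practice: prefer certificate credentials over client secrets.
    for s in secrets:
        findings.append(f"{name}: client secret {s['keyId']} in use; prefer a certificate credential")

    # Practice: do not keep many credentials on one application.
    live = [c for c in secrets + certs if _parse(c["endDateTime"]) > now]
    if len(live) > MAX_CREDENTIALS:
        findings.append(f"{name}: {len(live)} live credentials exceed the limit of {MAX_CREDENTIALS}")

    # Hygiene: expired credentials should be removed, expiring ones rotated.
    for c in secrets + certs:
        end = _parse(c["endDateTime"])
        if end <= now:
            findings.append(f"{name}: credential {c['keyId']} expired on {end.date()}; remove it")
        elif end - now <= timedelta(days=EXPIRY_WARNING_DAYS):
            findings.append(f"{name}: credential {c['keyId']} expires on {end.date()}; rotate it")
    return findings


# Constructed sample registration (placeholder ids, not a real app).
SAMPLE_APP = {
    "displayName": "payroll-sync",
    "appId": "00000000-0000-0000-0000-000000000000",
    "passwordCredentials": [
        {"keyId": "secret-1", "displayName": "legacy",
         "startDateTime": "2021-01-01T00:00:00Z", "endDateTime": "2022-01-01T00:00:00Z"},
    ],
    "keyCredentials": [
        {"keyId": "cert-1", "displayName": "prod-2023",
         "startDateTime": "2023-01-01T00:00:00Z", "endDateTime": "2024-01-01T00:00:00Z"},
        {"keyId": "cert-2", "displayName": "prod-2023b",
         "startDateTime": "2023-06-01T00:00:00Z", "endDateTime": "2024-06-01T00:00:00Z"},
        {"keyId": "cert-3", "displayName": "prod-2023c",
         "startDateTime": "2023-09-01T00:00:00Z", "endDateTime": "2024-09-01T00:00:00Z"},
    ],
}

# Fixed "now" so the demo is deterministic (constructed).
AUDIT_TIME = datetime(2023, 12, 15, tzinfo=timezone.utc)


def run_demo() -> list:
    return audit_app(SAMPLE_APP, AUDIT_TIME)


if __name__ == "__main__":
    for line in run_demo():
        print(line)
```

In practice the input would come from a Graph query over all applications in the tenant; the audit then turns the bullet list into a repeatable report instead of a one-off manual review.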
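For the last two points (no credentials in repositories, scan the code), here is an added example of the kind of check a code scanner performs; it is not the article's own tool or any particular product. It flags literal values assigned to secret-like setting names (client_secret, ClientSecret and similar, an assumed list) and PEM private-key blocks, and uses a Shannon-entropy threshold (assumed value) so obvious placeholders are not reported. The sample files are constructed for the demo.

```python
"""Minimal committed-credential scanner. Added example, not the article's tool.

Checks: (1) a literal string assigned to a client-secret style setting name,
filtered by placeholder patterns and an entropy threshold; (2) PEM private-key
headers. Setting names, placeholder forms and MIN_ENTROPY are assumptions.
"""
import math
import re

# Setting names that commonly hold an app's client secret (assumed list).
SECRET_KEY_RE = re.compile(
    r'(?i)\b(client[_-]?secret|app[_-]?secret)\b["\']?\s*[:=]\s*["\']([^"\']{8,})["\']'
)
PEM_KEY_RE = re.compile(r"-----BEGIN (?:RSA |EC |ENCRYPTED )?PRIVATE KEY-----")
# Placeholder values that should not be flagged (assumed conventions).
PLACEHOLDER_RE = re.compile(r"(?i)^(<[^>]+>|\$\{[^}]+\}|%[^%]+%|your[-_]?secret[-_]?here|changeme|x{3,})$")
MIN_ENTROPY = 3.0  # assumed threshold, bits per character


def shannon_entropy(s: str) -> float:
    """Shannon entropy of a string in bits per character (0.0 for empty input)."""
    if not s:
        return 0.0
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def scan_text(text: str, path: str = "<input>") -> list:
    """Return one finding dict per suspicious line of `text`."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = SECRET_KEY_RE.search(line)
        if m:
            value = m.group(2)
            if not PLACEHOLDER_RE.match(value) and shannon_entropy(value) >= MIN_ENTROPY:
                findings.append({"path": path, "line": lineno,
                                 "kind": "client-secret-literal", "setting": m.group(1)})
        if PEM_KEY_RE.search(line):
            findings.append({"path": path, "line": lineno,
                             "kind": "private-key-pem", "setting": None})
    return findings


def scan_files(files: dict) -> list:
    """Scan a mapping of path -> file contents (as a repository walker would)."""
    return [f for path, text in files.items() for f in scan_text(text, path)]


# Constructed sample repository contents; the secret value is made up.
SAMPLE_FILES = {
    "appsettings.json": (
        '{\n'
        '  "AzureAd": {\n'
        '    "TenantId": "<tenant-id>",\n'
        '    "ClientId": "<client-id>",\n'
        '    "ClientSecret": "Q9x~7pLm2vZs8Rt4bNw1eYk6Hj3cFa0dGu5iKo"\n'   # flagged
        '  }\n'
        '}\n'
    ),
    "settings.py": (
        'client_secret = "<your-secret-here>"\n'                 # placeholder: not flagged
        'client_secret = os.environ["AZURE_CLIENT_SECRET"]\n'    # read at runtime: not flagged
        'CLIENT_SECRET = "aaaaaaaaaaaaaaaaaaaa"\n'               # low entropy: not flagged
    ),
    "deploy/key.pem": (
        "-----BEGIN RSA PRIVATE KEY-----\n"                      # flagged
        "<base64 body omitted>\n"
        "-----END RSA PRIVATE KEY-----\n"
    ),
}


def run_demo() -> list:
    return scan_files(SAMPLE_FILES)


if __name__ == "__main__":
    for finding in run_demo():
        print(finding)
```

Running this as a pre-commit hook or CI step is the point of the practice: the credential is caught before it reaches the repository history, where removing it later is far harder than rotating it.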
References
- Office 365 – Azure Active Directory – Registering/Creating new Azure App – detailed steps
- Azure – Connect to Key Vault from .Net Core application using Managed Identity – Part1 – Introduction to Azure Key Vault – In this article we are discussing Azure Key Vault
- Azure – Connect to Key Vault from .Net Core application using Managed Identity – Part2 – App Service – Creating App Service from Azure Portal – In this article we are discussing Azure App Service and Web jobs
- Azure – Connect to Key Vault from .Net Core application using Managed Identity – Part 3 – Publishing / Deploying .Net core console application as a Azure WebJob and Schedule it – In this article we created .Net Core console application and deploy it as Azure WebJob to Azure App Service. We also see the option of scheduling the WebJob
- Azure – Connect to Key Vault from .Net Core application using Managed Identity – Part 4 – Exploring Managed Identity and Demo
Thanks for reading! If it’s worth at least reading once, kindly please like and share!!! SHARING IS CARING 🙂
Enjoy the beautiful life !!! Have a FUN !!! HAVE A SAFE LIFE !!! TAKE CARE 🙂
1 Response
[…] In one of my previous articles we discussed best practices for Certificates and Client secret keys of applications in Azure Active Directory – https://knowledge-junction.com/2022/09/09/best-practices-azure-security-best-practices-for-certifica… […]