Good Bye Credentials in Code, Welcome Azure Managed Identities

•Als PPTX, PDF herunterladen•

0 gefällt mir•1,089 views

This document discusses managed identities in Azure, which provide Azure services with automatically managed identities in Azure Active Directory. It describes system-assigned and user-assigned managed identities, how they work under the hood using the Azure instance metadata service, and examples of Azure services that support managed identities and Azure Active Directory authentication. The document concludes with a demonstration of using system-assigned and user-assigned managed identities with Azure App Service and Azure Key Vault.

Technologie

GOODBYE CREDENTIALS IN CODE,
WELCOME AZURE MANAGED
IDENTITIES
Kasun Kodagoda
Technical Lead | 99X Technology

I am, Kasun Kodagoda
• In ♥ with Azure & Azure DevOps
• Active Blogger – https://kasunkodagoda.com
• Open Source Contributor - https://github.com/kasunkv
• Technical Lead
I Work For,
• Established in 2004
• Headquartered in Sri Lanka with offices in
Europe and Australia
• Providing high quality, high value Software
Product Engineering + R&D services
14 250
150 20
+ +
++
Years Employees
Products Awards
Of Expertise Innovating Daily
To Global Markets International Impact

Managing Credentials for Other Cloud
Services

What is Managed Identity?
Managed Identities for Azure Resources is a feature in Azure AD
that providers Azure Services with an Automatically managed
identity in Azure AD

Types of Managed Identities
• System-Assigned
• Enabled directly on the supported Azure Resource Instance
• Lifecycle of the System-Assigned MI is directly tied to the Azure Resource
Instance
• Credentials are provisioned on the Azure Service Instance
• User-Assigned
• Created as a standalone Azure Resource
• Lifecycle is not directly tied to any Azure Resource
• Can be assigned to one or more Azure Resource instances

How Managed Identities Work Under the
Hood

Azure Instance
Metadata Service
Application
Code
1
Service Principle2
3
4
5
6
7

Services That Support Managed
Identities
• Enable Managed Identities on the resources
• To access Azure AD Authentication supported services
Azure VM Azure VM Scale Sets Azure App Service Azure Blueprints Azure Functions
Azure Logic Apps Azure API Management Azure Data Factory v2 Azure Container Instances

Services That Support Azure AD
Authentication
• Use Managed Identities to access these resources
Azure Resource Manager Azure Key Vault Azure Data Lake Azure SQL
Azure Storage Blobs/Queues Azure Analysis Service Azure Event Hub Azure Service Bus

DEMO
Using System Assigned & User Assigned Managed Identities with
Azure App Service & Azure Key Vault

• Blog – https://kasunkodagoda.com
• GitHub – https://github.com/kasunkv
• Twitter – https://twitter.com/kasun_kodagoda
• LinkedIn – https://www.linkedin.com/in/kasunkodagoda
• Facebook – https://www.facebook.com/kasun.kodagoda
Connect With Me…

Your Feedback is Important 
https://forms.gle/osSU42zm4CuhAF8m9

• Managed Identities for Azure Resources - http://bit.ly/2Zf75zW
• Services That Support Managed Identities - http://bit.ly/2QVxWOt
• Services That Support Azure AD Authentication - http://bit.ly/31hvyGm
• Articles about Managed Identities on KasunKodagoda.com -
https://kasunkodagoda.com/tag/managed-identity/
References

Weitere ähnliche Inhalte

Was ist angesagt?

Windows Azure Active Directory

Pavel Revenkov

Azure Active Directory (AD) is a directory as a service on Microsoft Azure. More than the cloud identity Azure AD provides a platform to build cloud applications with multi tenancy support. A flexible authentication systems which enables developers to leverage the cloud identity model and develop applications at ease. The session will walk you through on the basics of Azure AD and how to develop .NET applications using Azure AD.

Azure Active Directory

Thurupathan Vijayakumar

Integrating your on-premises Active Directory with Azure and Office 365

nelmedia

Windows azure active directory

Krunal Trivedi

O365Con18 - Azure Active Directory - Sasha Kranjac & Mustafa Toroman

NCCOMMS

O365Con18 - Connect SharePoint Framework Solutions to API's secured with Azur...

NCCOMMS

Windows Azure Active Directory

Krunal Trivedi

CoLabora - Identity in a World of Cloud - June 2015

CoLaboraDK

Are you struggling to make heads or tails out of the identity options for Office 365, Azure and on-prem installations? Are you trying to figure out how in the world you get started implementing hybrid identity? If you have asked yourself any of these questions, you are not alone! Part two of this IT Unity webinar series will feature Rackspace’s SharePoint MVPs, Todd Klindt and Jason Himmelstein, as they walk you through the prerequisites and implementation steps to get your hybrid identity implementation underway. At the end of this one-hour webinar, you will be able to get your on-prem identities synced to Azure and be on your way to enjoying all of the benefits of the Microsoft Cloud. - See more at: http://www.itunity.com/webinar/hybrid-onramp-implementing-azure-active-directory-connect-2322#sthash.gnGuJQEP.dpuf

Implementing Azure Active Directory Connect and more

Jason Himmelstein

How to build a serverless helmet detection system

Mandar Dharmadhikari

Azure Saturday: External Collaboration With Azure AD B2B

Sjoukje Zaal

Brian Desmond - Identity and directory synchronization with office 365 and wi...

Nordic Infrastructure Conference

Azure Active Directory, Practical Guide

Sasha Rosenbaum

01_SQL Migration Using Azure Data Migration Services (DMS)_GAB2019

Kumton Suttiraksiri

Azure Active Directory Identity

Brice McDowell

Office Development Licensing, Deployment and ALM

Eric Shupps

Introduction to Azure Web Applications for Office and SharePoint Developers

Eric Shupps

Connect SharePoint Framework solutions to APIs secured with Azure AD

BIWUG

Develop enterprise-ready applications for Microsoft Teams

Markus Moeller

O365Con18 - Running SharePoint on Azure Tips - Jared Shockley

NCCOMMS

Was ist angesagt? (20)

Windows Azure Active Directory

Azure Active Directory

Integrating your on-premises Active Directory with Azure and Office 365

Windows azure active directory

O365Con18 - Azure Active Directory - Sasha Kranjac & Mustafa Toroman

O365Con18 - Connect SharePoint Framework Solutions to API's secured with Azur...

Windows Azure Active Directory

CoLabora - Identity in a World of Cloud - June 2015

Implementing Azure Active Directory Connect and more

How to build a serverless helmet detection system

Azure Saturday: External Collaboration With Azure AD B2B

Brian Desmond - Identity and directory synchronization with office 365 and wi...

Azure Active Directory, Practical Guide

01_SQL Migration Using Azure Data Migration Services (DMS)_GAB2019

Azure Active Directory Identity

Office Development Licensing, Deployment and ALM

Introduction to Azure Web Applications for Office and SharePoint Developers

Connect SharePoint Framework solutions to APIs secured with Azure AD

Develop enterprise-ready applications for Microsoft Teams

O365Con18 - Running SharePoint on Azure Tips - Jared Shockley

Ähnlich wie Good Bye Credentials in Code, Welcome Azure Managed Identities

SecureAzureServicesUsingADAuthentication.pptx

Udaiappa Ramachandran

Zero Credential Development with Managed Identities for Azure resources

Joonas Westlin

Zero credential development with managed identities

Joonas Westlin

Passwordless Development using Azure Identity

Sarah Dutkiewicz

Configuration in azure done right

Rick van den Bosch

Keys are always needed to access services in Azure and beyond. Storing and managing keys presents many problems, for example rotating and disabling them. Keys often also allow blanket access to the service with no way to limit it. Sometimes there is only one key that needs to be shared by services, so you won't have any way to disable access from one individually. In this talk we will go through Managed Identities for Azure Resources, how they work, and how you can use them to use Azure services in a secure way without having to manage any keys yourself. We will go through a demo application which uses various Azure services through a managed identity, removing the need to use keys entirely. The source code will be available to the audience so they have samples that they can use to implement managed identities in their own applications.

Zero Credential Development with Managed Identities

Joonas Westlin

Keys are always needed to access services in Azure and beyond. Storing and managing keys presents many problems, for example rotating and disabling them. Keys often also allow blanket access to the service with no way to limit it. Sometimes there is only one key that needs to be shared by services, so you won't have any way to disable access from one individually. In this talk we go through Managed Identities for Azure Resources, how they work, and how you can use them to use Azure services in a secure way without having to manage any keys yourself. We will go through a demo application which uses various Azure services through a managed identity, removing the need to use keys entirely.

Zero Credential Development with Managed Identities

Joonas Westlin

Zero Credential Development with Managed Identities

Joonas Westlin

Demystifying Azure Certifications

Kasun Kodagoda

24 листопада відбувся вебінар від .NET Community – “Azure RBAC and Managed Identity”. Спікер: Євген Павленко – Senior Software Engineer, GlobalLogic. Розповіли, що таке Azure RBAC (Role Base Access Control) і як він працює, для чого нам Azure Managed Identity та як звільнитись від використання паролів-секретів при використанні Azure. Деталі заходу: https://bit.ly/3GSBvRx Відкриті .NET-позиції у GlobalLogic: https://bit.ly/3ilJYCq Долучитись до .NET Community у Facebook: https://www.facebook.com/groups/communitydotnet

GlobalLogic .NET Webinar #2 “Azure RBAC and Managed Identity”

GlobalLogic Ukraine

Using Windows Azure for Solving Identity Management Challenges

Michael Collier

Azure - Identity as a service

BizTalk360

Centralized Configuration Management for the Cloud with Azure App Configuration

Kasun Kodagoda

Introduction to AngularJS with the Microsoft Graph

SPC Adriatics

Every developer hears about AngularJS and all the magic it does for you applications. In order to kickstart you AngularJS journey, this session is an introduction to the AngularJS concepts applied to any Office 365 development. Different workloads will be targeted (Mail, Calendar, Files) and the Microsoft Graph will be our main datasource. As a developer, you will learn the basic concepts of AngularJS and will be able to use those in an Office 365 context. You will be able to build rich applications (Single Page Application) that will speed up your development process while using your Office 365 tenant data. The 3 key takeaways of this session are : - You will understand the basics of the AngularJS framework - You will learn how to communicate withthe Office 365 through AngularJS - You will be able to apply those new skills in your next project

SPC Adriatics 2016 - Introduction to AngularJS with the Microsoft Graph

Sébastien Levert

The Mastering Microsoft Azure Developer Training makes you proficient in developing, planning, and scaling your web applications on Microsoft Azure. It includes training on Azure App Services, Azure Storage, Azure Virtual Machines, Azure SQL Database , Microservices, Azure AD, Azure Automation and DevOps using real-life case studies. The curriculum has been designed by Microsoft MVPs & Industry expert to earn Microsoft Azure Developer Associate Certification (AZ-204).

Microsoft certified azure developer associate

Gaurav Singh

Introduction to basic governance in Azure - #GABDK

Peter Selch Dahl

Developing Solutions for Azure - Best Practices

Fisnik Doko

Getting Started with Containers

Vivek Raja P S

Az900 study guide_section2

PankajPatil639512

Ähnlich wie Good Bye Credentials in Code, Welcome Azure Managed Identities (20)

SecureAzureServicesUsingADAuthentication.pptx

Zero Credential Development with Managed Identities for Azure resources

Zero credential development with managed identities

Passwordless Development using Azure Identity

Configuration in azure done right

Zero Credential Development with Managed Identities

Demystifying Azure Certifications

GlobalLogic .NET Webinar #2 “Azure RBAC and Managed Identity”

Using Windows Azure for Solving Identity Management Challenges

Azure - Identity as a service

Centralized Configuration Management for the Cloud with Azure App Configuration

Introduction to AngularJS with the Microsoft Graph

SPC Adriatics 2016 - Introduction to AngularJS with the Microsoft Graph

Microsoft certified azure developer associate

Introduction to basic governance in Azure - #GABDK

Developing Solutions for Azure - Best Practices

Getting Started with Containers

Az900 study guide_section2

Mehr von Kasun Kodagoda

Using GitHub Actions to Deploy your Workloads to Azure

Kasun Kodagoda

Feature Toggle for .Net Core Apps on Azure with Azure App Configuration Featu...

Kasun Kodagoda

Get On Top of Azure Resource Security Using Secure DevOps Kit for Azure

Kasun Kodagoda

Serverless in the Azure World

Kasun Kodagoda

This presentation dives into the role of test automation in modern software delivery pipelines and how the expectations on the test automation have changes over time with complex business demands and faster release cycles. And the dive in to details on how Test Automation needs to evolve into Continuous Testing approach to handle the complexities and the speed required in a modern business context.

Role of Test Automation in Modern Software Delivery Pipelines

Kasun Kodagoda

DevOps: Why Should We Care?

Kasun Kodagoda

Introduction to Microsoft Azure

Kasun Kodagoda

Building Custom Visual Studio Team Service Build Tasks With VSTS DevOps Task SDK

Kasun Kodagoda

A presentation about building a continuous delivery pipeline with Visual Studio Team Services. The presentation gives a brief idea about what DevOps is, importance of DevOps, the difference between Continuous Delivery and Deployment, Importance of Continuous Delivery and an introduction to Azure Resource Manager, ARM Templates and Infrastructure as Code. The presentation finishes with a demo scenario and how to build it on VSTS.

Building a Continuous Delivery Pipeline With Visual Studio

Kasun Kodagoda

Going Serverless with Azure Functions #1 - Introduction to Azure Functions

Kasun Kodagoda

There are multiple ways of using technology to make money. In this presentation I talk about my personal views and experiences of developing mobile apps and monetizing the apps to generate revenue. What are the improvements, trips and tricks that can be used to increase the customer base and revenue. Also I give reasons why I chose developing mobile apps rather than selecting other options out there.

Making Money with Technology

Kasun Kodagoda

Better End-to-End Testing with Page Objects Model using Protractor

Kasun Kodagoda

Monetizing Windows Phone Apps

Kasun Kodagoda

Mehr von Kasun Kodagoda (13)

Using GitHub Actions to Deploy your Workloads to Azure

Feature Toggle for .Net Core Apps on Azure with Azure App Configuration Featu...

Get On Top of Azure Resource Security Using Secure DevOps Kit for Azure

Serverless in the Azure World

Role of Test Automation in Modern Software Delivery Pipelines

DevOps: Why Should We Care?

Introduction to Microsoft Azure

Building Custom Visual Studio Team Service Build Tasks With VSTS DevOps Task SDK

Building a Continuous Delivery Pipeline With Visual Studio

Going Serverless with Azure Functions #1 - Introduction to Azure Functions

Making Money with Technology

Better End-to-End Testing with Page Objects Model using Protractor

Monetizing Windows Phone Apps

Kürzlich hochgeladen

Webinar Recording: https://www.panagenda.com/webinars/why-teams-call-analytics-is-critical-to-your-entire-business Nothing is as frustrating and noticeable as being in an important call and being unable to see or hear the other person. Not surprising then, that issues with Teams calls are among the most common problems users call their helpdesk for. Having in depth insight into everything relevant going on at the user’s device, local network, ISP and Microsoft itself during the call is crucial for good Microsoft Teams Call quality support. To ensure a quick and adequate solution and to ensure your users get the most out of their Microsoft 365. But did you know that ‘bad calls’ are also an excellent indicator of other problems arising? Precisely because it is so noticeable!? Like the canary in the mine, bad calls can be early indicators of problems. Problems that might otherwise not have been noticed for a while but can have a big impact on productivity and satisfaction. Join this session by Christoph Adler to learn how true Microsoft Teams call quality analytics helped other organizations troubleshoot bad calls and identify and fix problems that impacted Teams calls or the use of Microsoft365 in general. See what it can do to keep your users happy and productive! In this session we will cover - Why CQD data alone is not enough to troubleshoot call problems - The importance of attributing call problems to the right call participant - What call quality analytics can do to help you quickly find, fix-, and prevent problems - Why having retrospective detailed insights matters - Real life examples of how others have used Microsoft Teams call quality monitoring to problem shoot problems with their ISP, network, device health and more.

Why Teams call analytics are critical to your entire business

panagenda

MINDCTI Revenue Release Quarter One 2024

MIND CTI

Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows. We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases. This video focuses on the deployment of external web forms using Jotform for Bonterra Impact Management. This solution can be customized to your organization’s needs and deployed to support the common use cases below: - Intake and consent - Assessments - Surveys - Applications - Program registration Interested in deploying web form automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.

Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...

Jeffrey Haguewood

Following the popularity of “Cloud Revolution: Exploring the New Wave of Serverless Spatial Data,” we’re thrilled to announce this much-anticipated encore webinar. In this sequel, we’ll dive deeper into the Cloud-Native realm by uncovering practical applications and FME support for these new formats, including COGs, COPC, FlatGeoBuf, GeoParquet, STAC, and ZARR. Building on the foundation laid by industry leaders Michelle Roby of Radiant Earth and Chris Holmes of Planet in the first webinar, this second part offers an in-depth look at the real-world application and behind-the-scenes dynamics of these cutting-edge formats. We will spotlight specific use-cases and workflows, showcasing their efficiency and relevance in practical scenarios. Discover the vast possibilities each format holds, highlighted through detailed discussions and demonstrations. Our expert speakers will dissect the key aspects and provide critical takeaways for effective use, ensuring attendees leave with a thorough understanding of how to apply these formats in their own projects. Elevate your understanding of how FME supports these cutting-edge technologies, enhancing your ability to manage, share, and analyze spatial data. Whether you’re building on knowledge from our initial session or are new to the serverless spatial data landscape, this webinar is your gateway to mastering cloud-native formats in your workflows.

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Safe Software

When you’re building (micro)services, you have lots of framework options. Spring Boot is no doubt a popular choice. But there’s more! Take Quarkus, a framework that’s considered the rising star for Kubernetes-native Java. It always depends on what's best for your situation, but how to choose the best solution if you're comparing 2 frameworks? Both Spring Boot and Quarkus have their positives and negatives. Let us compare the two by live coding a couple of common use cases in Spring Boot and Quarkus. After this talk, you’ll be ready to get started with Quarkus yourself, and know when to select Quarkus or Spring Boot.

Spring Boot vs Quarkus the ultimate battle - DevoxxUK

Jago de Vreede

JohnPollard-hybrid-app-RailsConf2024.pptx

JohnPollard37

Exploring Multimodal Embeddings with Milvus

Zilliz

Join our latest Connector Corner webinar to discover how UiPath Integration Service revolutionizes API-centric automation in a 'Quote to Cash' process—and how that automation empowers businesses to accelerate revenue generation. A comprehensive demo will explore connecting systems, GenAI, and people, through powerful pre-built connectors designed to speed process cycle times. Speakers: James Dickson, Senior Software Engineer Charlie Greenberg, Host, Product Marketing Manager

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

DianaGray10

Accelerating FinTech Innovation: Unleashing API Economy and GenAI Vasa Krishnan, Chief Technology Officer - FinResults Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...

apidays

CNIC Information System with Pakdata Cf In Pakistan

danishmna97

AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)

Samir Dash

The microservices honeymoon is over. When starting a new project or revamping a legacy monolith, teams started looking for alternatives to microservices. The Modular Monolith, or 'Modulith', is an architecture that reaps the benefits of (vertical) functional decoupling without the high costs associated with separate deployments. This talk will delve into the advantages and challenges of this progressive architecture, beginning with exploring the concept of a 'module', its internal structure, public API, and inter-module communication patterns. Supported by spring-modulith, the talk provides practical guidance on addressing the main challenges of a Modultith Architecture: finding and guarding module boundaries, data decoupling, and integration module-testing. You should not miss this talk if you are a software architect or tech lead seeking practical, scalable solutions. About the author With two decades of experience, Victor is a Java Champion working as a trainer for top companies in Europe. Five thousands developers in 120 companies attended his workshops, so he gets to debate every week the challenges that various projects struggle with. In return, Victor summarizes key points from these workshops in conference talks and online meetups for the European Software Crafters, the world’s largest developer community around architecture, refactoring, and testing. Discover how Victor can help you on victorrentea.ro : company training catalog, consultancy and YouTube playlists.

Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024

Victor Rentea

Strategies for Landing an Oracle DBA Job as a Fresher

Remote DBA Services

Six Myths about Ontologies: The Basics of Formal Ontology

johnbeverley2021

Effective data discovery is crucial for maintaining compliance and mitigating risks in today's rapidly evolving privacy landscape. However, traditional manual approaches often struggle to keep pace with the growing volume and complexity of data. Join us for an insightful webinar where industry leaders from TrustArc and Privya will share their expertise on leveraging AI-powered solutions to revolutionize data discovery. You'll learn how to: - Effortlessly maintain a comprehensive, up-to-date data inventory - Harness code scanning insights to gain complete visibility into data flows leveraging the advantages of code scanning over DB scanning - Simplify compliance by leveraging Privya's integration with TrustArc - Implement proven strategies to mitigate third-party risks Our panel of experts will discuss real-world case studies and share practical strategies for overcoming common data discovery challenges. They'll also explore the latest trends and innovations in AI-driven data management, and how these technologies can help organizations stay ahead of the curve in an ever-changing privacy landscape.

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

TrustArc

Architecting Cloud Native Applications

WSO2

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood

Juan lago vázquez

Retrieval augmented generation (RAG) is the most popular style of large language model application to emerge from 2023. The most basic style of RAG works by vectorizing your data and injecting it into a vector database like Milvus for retrieval to augment the text output generated by an LLM. This is just the beginning. One of the ways that we can extend RAG, and extend AI, is through multilingual use cases. Typical RAG is done in English using embedding models that are trained in English. In this talk, we’ll explore how RAG could work in languages other than English. We’ll explore French, Chinese, and Polish.

Introduction to Multilingual Retrieval Augmented Generation (RAG)

Zilliz

FWD Group - Insurer Innovation Award 2024

The Digital Insurer

The value of a flexible API Management solution for Open Banking Steve Melan, Manager for IT Innovation and Architecture - State's and Saving's Bank of Luxembourg Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - The value of a flexible API Management solution for O...

apidays

Kürzlich hochgeladen (20)

Why Teams call analytics are critical to your entire business

MINDCTI Revenue Release Quarter One 2024

Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Spring Boot vs Quarkus the ultimate battle - DevoxxUK

JohnPollard-hybrid-app-RailsConf2024.pptx

Exploring Multimodal Embeddings with Milvus

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...

CNIC Information System with Pakdata Cf In Pakistan

AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)

Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024

Strategies for Landing an Oracle DBA Job as a Fresher

Six Myths about Ontologies: The Basics of Formal Ontology

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

Architecting Cloud Native Applications

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood

Introduction to Multilingual Retrieval Augmented Generation (RAG)

FWD Group - Insurer Innovation Award 2024

Apidays New York 2024 - The value of a flexible API Management solution for O...

Good Bye Credentials in Code, Welcome Azure Managed Identities

1. GOODBYE CREDENTIALS IN CODE, WELCOME AZURE MANAGED IDENTITIES Kasun Kodagoda Technical Lead | 99X Technology

2. I am, Kasun Kodagoda • In ♥ with Azure & Azure DevOps • Active Blogger – https://kasunkodagoda.com • Open Source Contributor - https://github.com/kasunkv • Technical Lead I Work For, • Established in 2004 • Headquartered in Sri Lanka with offices in Europe and Australia • Providing high quality, high value Software Product Engineering + R&D services 14 250 150 20 + + ++ Years Employees Products Awards Of Expertise Innovating Daily To Global Markets International Impact

3. Managing Credentials for Other Cloud Services

4. What is Managed Identity? Managed Identities for Azure Resources is a feature in Azure AD that providers Azure Services with an Automatically managed identity in Azure AD

5. Types of Managed Identities • System-Assigned • Enabled directly on the supported Azure Resource Instance • Lifecycle of the System-Assigned MI is directly tied to the Azure Resource Instance • Credentials are provisioned on the Azure Service Instance • User-Assigned • Created as a standalone Azure Resource • Lifecycle is not directly tied to any Azure Resource • Can be assigned to one or more Azure Resource instances

6. How Managed Identities Work Under the Hood

7. Azure Instance Metadata Service Application Code 1 Service Principle2 3 4 5 6 7

8. Services That Support Managed Identities • Enable Managed Identities on the resources • To access Azure AD Authentication supported services Azure VM Azure VM Scale Sets Azure App Service Azure Blueprints Azure Functions Azure Logic Apps Azure API Management Azure Data Factory v2 Azure Container Instances

9. Services That Support Azure AD Authentication • Use Managed Identities to access these resources Azure Resource Manager Azure Key Vault Azure Data Lake Azure SQL Azure Storage Blobs/Queues Azure Analysis Service Azure Event Hub Azure Service Bus

10. DEMO Using System Assigned & User Assigned Managed Identities with Azure App Service & Azure Key Vault

11.

12. THANK YOU Q & A

13. • Blog – https://kasunkodagoda.com • GitHub – https://github.com/kasunkv • Twitter – https://twitter.com/kasun_kodagoda • LinkedIn – https://www.linkedin.com/in/kasunkodagoda • Facebook – https://www.facebook.com/kasun.kodagoda Connect With Me…

14. Your Feedback is Important  https://forms.gle/osSU42zm4CuhAF8m9

15. • Managed Identities for Azure Resources - http://bit.ly/2Zf75zW • Services That Support Managed Identities - http://bit.ly/2QVxWOt • Services That Support Azure AD Authentication - http://bit.ly/31hvyGm • Articles about Managed Identities on KasunKodagoda.com - https://kasunkodagoda.com/tag/managed-identity/ References

Hinweis der Redaktion

.
How do you manage credentials in your application code for authenticating to other cloud services? Credentials Should never be stored in the developers machines Should never be checked in to version control When using credentials to access other resources, you have to Think about how these credentials are stored Make sure never to commit them to version control Think about credentials/key rotation to secure the keys etc.
Managed identity works in combination with Azure AD Authentication and RBAC Authorization
.
.
.

Good Bye Credentials in Code, Welcome Azure Managed Identities

Empfohlen

Empfohlen

Weitere ähnliche Inhalte

Was ist angesagt?

Was ist angesagt? (20)

Ähnlich wie Good Bye Credentials in Code, Welcome Azure Managed Identities

Ähnlich wie Good Bye Credentials in Code, Welcome Azure Managed Identities (20)

Mehr von Kasun Kodagoda

Mehr von Kasun Kodagoda (13)

Kürzlich hochgeladen

Kürzlich hochgeladen (20)

Good Bye Credentials in Code, Welcome Azure Managed Identities

Hinweis der Redaktion