Using Key Vault references with Azure App Configuration

When working in Azure, storing secrets in Key Vault is a good idea. And to make it better, there’s the Key Vault Reference notation. This feature makes sure no one can read the secret(s) unless someone grants permission. For storing configuration, values a different service is available, called Azure App Configuration. Both services are excellent for storing & sharing the values of your cloud services. Wouldn’t it be great to be able to combine the two? Read more →

Securing Your App Service with a Vnet

My last post was on integrating your Azure App Service with a virtual network (VNet). This post is the other way around. It’s on how to put your App Service in a VNet, or rather, behind a VNet. If you want to put your Azure App Service inside a VNet, you’ll have to look for the App Service Environment (ASE). This is an offering of dedicated machines that are placed inside a VNet and you’re paying a rather hefty fee for this. Read more →

Vnet Integration for Your App Service

It’s always a good idea to secure the resources in your Azure subscriptions. One way to do this is by using virtual networks. In a lot of cases, you will put SQL Azure servers, storage accounts and, other services in a virtual network. This will make sure the services can’t be accessed from the public internet unless you explicitly say so. There are many more advantages to putting services in a virtual network, which I won’t be covering in this post. Read more →

App Service Resource Provider Access to Keyvault

Recently, I was trying to deploy an Azure App Service which was in need for a couple of certificates, which are stored in Azure Key Vault. Our ARM template looked very similar to the one below in order to install & configure the certificates in our App Service. "resources": [ { "type": "Microsoft.Web/certificates", "name": "[parameters('certificateName')]", "apiVersion": "2019-08-01", "location": "[parameters('existingAppLocation')]", "properties": { "keyVaultId": "[parameters('existingKeyVaultId')]", "keyVaultSecretName": "[parameters('existingKeyVaultSecretName')]", "serverFarmId": "[parameters('existingServerFarmId')]" } }, { "type": "Microsoft. Read more →

Using an Azure Managed Identity to authenticate on a different App Service

A couple of weeks ago, I was tasked to implement authentication between the services we have in our Azure landscape. I knew this can be done by using the Managed Identity, as we were doing this on a project I was involved with in the past. However, I had never actually done this myself. Most of the time the System Administrators were configuring everything and I just had to copy-paste some Guids in a configuration file. Read more →