1 - 2 of 2 posts
  • Secrets auto-rotation in Azure: Part II - AAD certificates

    In the first post of the series regarding secrets auto-rotation, I mentioned AAD certificate as part of a communication process between a client and Key Vault. Now it's time to touch this topic in more details.

    You may need AAD application for different reasons, and Key Vault access is one of them (how it was in the case of the first post).

    NOTE: If you have Azure connected VM you can reach Key Vault using MSI (managed service identity). There are many other use cases where you may need AAD application, and you can't leverage the power of MSI so this post will be useful anyway.

    Certificate-based authentication with AAD application is not the only one option (you can use keys or user credentials), but this method indeed the most practical from my experience.

    Summarizing above, the algorithm of ADD certificate auto-rotation is on the way!

  • Secrets auto-rotation in Azure: Part I - IIS SSL certificates


    With the modern digital world, it's essential to be secure as possible to protect your business and your customers.

    To accomplish this goal, you need to separate secrets for each purpose. If something is compromised, you will need to revoke/rotate only one of many.

    Why do you need to rotate secrets? The answer is straightforward. Short living secrets have the advantage that in the event of a compromise they will work only for a short period until the next rotation.

    From another hand, having short living secrets means that you need to rotate them more often which will cause pain from a secrets management point of view. So you need to automate this process to make your life easier.

    In these series of posts, I want to share some experience in this non-trivial journey!