Securing credentials in Azure-hosted applications using managed identities and Azure Key Vault - Introduction

Starting today, we begin a short series exploring an increasingly important topic: securing credentials in web-hosted applications. While the subject itself isn't entirely new, this series aims to serve as a comprehensive summary of best practices—a one-stop resource for effectively using managed identities and Azure Key Vault in the context of Azure-hosted applications.

What are we aiming to achieve ?

Web applications (whether written in ASP.NET, Java, PHP, or any other language) rarely operate in isolation. They often need to interact with external resources such as databases or storage services and this need has only intensified with the rise of microservices architecture. Traditionally, developers have accessed these resources using keys or tokens stored in configuration files like web.config, appsettings.json, or similar.
While this long-standing approach isn't inherently flawed, it can sometimes lead to security risks, such as insider threats or accidental credential leaks. The consequences of such breaches can be severe. To address these issues, several countermeasures have been developed in recent years. In the Azure ecosystem, these countermeasures are embodied in concepts like managed identities and vaults, which provide more secure and scalable ways to handle credentials.

In this series, we will revisit all these key points, examining the specific issues involved, how they can arise, and—most importantly—how to guard against them by applying best practices within the Azure ecosystem.

• Securing credentials in Azure-hosted applications using managed identities and Azure Key Vault - The traditional approach and its drawbacks
• Securing credentials in Azure-hosted applications using managed identities and Azure Key Vault - Implementing managed identities
• Securing credentials in Azure-hosted applications using managed identities and Azure Key Vault - Implementing Azure Key Vault

We referred to the following book to elucidate certain concepts.

Learning Microsoft Azure: Cloud Computing and Development Fundamentals (Andersson)

Without further ado and as usual, let's begin with a few prerequisites to correctly understand the underlying concepts. Stay tyuned.

Securing credentials in Azure-hosted applications using managed identities and Azure Key Vault - The traditional approach and its drawbacks