AzureFunBytes Episode 56 – Secretless Applications with @ChristosMatskas

Jay

AzureFunBytes is a weekly opportunity to learn more about the fundamentals and foundations that make up Azure. It’s a chance for me to understand more about what people across the Azure organization do and how they do it. Every week we get together at 11 AM Pacific on Microsoft LearnTV and learn more about Azure.

Secretless application development strives to solve some important problems, like preventing your credentials from being leaked. If you are seeing connection strings, usernames or passwords in log files, you’re adding to your risk profile. So rather than transmitting clear-text credentials to log in to a database from your application, you can use an Azure Managed Identity, which is a service account managed by Azure Active Directory.

This week on the show I’ve once again reached out to Microsoft Senior Program Manager Christos Matskas for some help learning more about implementing a Secretless strategy in developing applications. After reading this incredible blog titled “Secretless Azure Functions dev with the new Azure Identity Libraries” I knew he was the right person for the job.

Christos Matskas is a software developer, dad, blogger, husband, speaker, and all-around geek. He currently works as a Program Manager for Microsoft Identity, helping developers and teams leverage the power of identity and the cloud. Before joining Microsoft, he was a successful entrepreneur collaborating with companies such as MarkIT, Lockheed Martin and Barclays. He’s been building software for over 16 years and he’s a passionate Open Source advocate. He contributes regularly to numerous OSS projects and works closely with the developer community to make the space bigger and better.

00:00:00 – Open
00:03:32 – Intro to show
00:04:40 – Welcome Back Christos
00:06:54 – Zero Trust principles
00:15:37 – Defining “Secretless”
00:28:51 – Secretless with .NET
00:42:18 – Can we use this approach with any language?
00:46:04 – Secretless with NodeJS
00:54:28 – What are you most excited about in the identity space?

Here’s our agenda:

– What do we mean by Secretless?
– Why it’s important to eliminate secrets from our application and deployment code
– How can we achieve ‘secretless state’ with Azure?
– Demos

So check out this great opportunity to learn how to improve your application’s security posture.


Learn about Azure fundamentals with me!

The live stream is normally found on Twitch, YouTube, and LearnTV at 11 AM PT / 2 PM ET Thursday. You can also find the recordings here:

AzureFunBytes on Twitch
AzureFunBytes on YouTube
Azure DevOps YouTube Channel
Follow AzureFunBytes on Twitter

Useful Docs:

Get $200 in free Azure Credit
Microsoft Learn: Introduction to Azure fundamentals
Manage security operations in Azure
DevBlogs: Secretless Azure Functions dev with the new Azure Identity Libraries
What are managed identities for Azure resources?
What is Azure Active Directory?
Azure AD-managed identities for Azure resources documentation
Embrace proactive security with Zero Trust
Secretless Apps with the Microsoft Identity Platform
Introduction to Azure Functions
The 425 Show Blog
The 425 Show Twitch
The 425 Show Website
Christos on TikTok

1 comment

  • Péter Ádám

    Very important for our externally audited separation of responsibilities and restricted rights environment in banking.