Raffaele Fanizzi's Blog

Life Runs On Code
In this second post about secrets management I want to introduce a new place that we can use to safely store secrets: Azure Key Vault.
Azure Key Vault
The Azure Key Vault service is probably one of the safest places that can be used to create, manage and store keys, secrets and certificates. In fact, it is part of basically all the solution architectures I have worked on in the last 10 years. It is a cloud service that encrypts all stored data using a software key (Standard tier) or a hardware security module (HSM)-protected key (Premium tier), and it helps to solve the following problems:
This is the first of a series of posts I will write about a topic I care a lot about: secrets management.
What is a secret
First I want to clarify and define what a secret is. In software development, a secret is confidential information that is used to access protected resources. There are many examples: database connection strings, credentials such as username/password or app id/app secret, certificates with private keys, personal access tokens.
In the previous post we saw how to create a container image with an Azure Self Hosted Agent based on a Windows container. Then we ran this container on a local Docker installation. This is not very useful, because we usually need the agent running continuously somewhere. In Azure, we have multiple ways to host a container: Azure Kubernetes Service, Azure Container Instance or Web App for Containers. In this article I will talk about how to run the DevOps Agent on the last one.