Securing Application Secrets in ASP.NET Core

By Matt Tester
Learn how to protect your passwords, API Keys, and other application secrets in your ASP.NET applications. The secure development practices you will learn make it easier to keep production environments safe from malicious or accidental harm.
Play course overview
Course info
Level
Intermediate
Updated
Dec 6, 2019
Duration
52m
Table of contents
Course Overview
Course Overview 1m
Understanding Application Secrets
What Are Application Secrets? 2m Why Keep Application Secrets Safe? 2m Separation of Duties 2m Anti-patterns for Storing Secrets 4m Summary 1m
Safely Store Secrets in Development
Getting Secrets out of the Code 2m Introducing Secret Manager 2m Secret Manager in .Net Core 5m Secret Manager in .Net Framework 5m Using Prefixes in .Net Framework 3m Summary 1m
Protecting Production Secrets with a Key Vault
What Is a Key Vault? 3m Introducing Azure Key Vault 2m Setting up Azure Key Vault 2m Using Azure Key Vault in .Net Core 6m Using Azure Key Vault in .Net Framework 4m Running in Azure Using Managed Identities 2m Summary 2m
Description
Course info
Level
Intermediate
Updated
Dec 6, 2019
Duration
52m
Description

Losing control of production passwords, API keys, and other secrets can be extremely costly to any business. In this course, Securing Application Secrets in ASP.NET Core, you will learn how to keep secrets safe in development through to production. First, you will discover the principles behind keeping application secrets protected and the common anti-patterns to avoid. Next, you will learn how to use Secret Manager to create a secure practice while developing. Finally, you will explore how to protect secrets in production using a Key Vault service. When you're finished with this course, you will have the skills and knowledge needed to secure application secrets in your ASP.NET applications.

About the author
Matt Tester
About the author

Matt is an experienced architect, developer, and mentor. Driven by making the complex simple, he takes pride in sharing the lessons learned along the way.

Section Introduction Transcripts
Section Introduction Transcripts

Course Overview
[Autogenerated] Hi, everyone. My name is Matthew Tester and welcome to my course, securing application secrets in a Speedo NEC Corp. I'm a technology consultant and cloud architect, a pure blue consulting in New Zealand. Applications rarely run in isolation, connecting securely with other systems using passwords and keys that need to remain secret. Losing control of these secrets can have huge consequences for your business or organization. In this course, we're going to learn how to protect application secrets all the way from development to production. Some of the major topics will cover include the common anti patents to avoid when dealing with secrets, how to safely work with secrets during development, using a key vote for securing secrets in production and how this could be achieved in both dot net core on dot net framework. By the end of this course, you will have a solid understanding of safe development practices for managing secrets When building your own applications before beginning the course, you should be familiar with C Sharp and have some familiarity with either a Speedo net or a sp dot net core. I hope you'll join me on this journey to learn about managing secrets with the securing application secrets in a Speedo Net core course at your site

You're the smartest person in the room

PROVE IT

Your team won't just close the skills gap

THEY'LL HURDLE IT