Securing Application Secrets in ASP.NET Core

By Matt Tester
Learn how to protect your passwords, API Keys, and other application secrets in your ASP.NET applications. The secure development practices you will learn make it easier to keep production environments safe from malicious or accidental harm.
Play course overview
Course info
Rating
(35)
Level
Intermediate
Updated
Dec 6, 2019
Duration
51m
Table of contents
Course Overview
Course Overview 1m
Understanding Application Secrets
Anti-patterns for Storing Secrets 4m Separation of Duties 2m Summary 1m What Are Application Secrets? 2m Why Keep Application Secrets Safe? 2m
Safely Store Secrets in Development
Getting Secrets out of the Code 2m Introducing Secret Manager 2m Secret Manager in .Net Core 5m Secret Manager in .Net Framework 5m Summary 1m Using Prefixes in .Net Framework 3m
Protecting Production Secrets with a Key Vault
Introducing Azure Key Vault 2m Running in Azure Using Managed Identities 2m Setting up Azure Key Vault 2m Summary 2m Using Azure Key Vault in .Net Core 6m Using Azure Key Vault in .Net Framework 4m What Is a Key Vault? 3m
Description
Course info
Rating
(35)
Level
Intermediate
Updated
Dec 6, 2019
Duration
51m
Description

Losing control of production passwords, API keys, and other secrets can be extremely costly to any business. In this course, Securing Application Secrets in ASP.NET Core, you will learn how to keep secrets safe in development through to production. First, you will discover the principles behind keeping application secrets protected and the common anti-patterns to avoid. Next, you will learn how to use Secret Manager to create a secure practice while developing. Finally, you will explore how to protect secrets in production using a Key Vault service. When you're finished with this course, you will have the skills and knowledge needed to secure application secrets in your ASP.NET applications.

About the author
Matt Tester
About the author

Matt is an experienced architect, developer, and mentor. Driven by making the complex simple, he takes pride in sharing the lessons learned along the way.

More from the author
Microsoft Azure for .NET Developers - Cloud Patterns and Architecture
Advanced
2h 30m
May 22, 2020
Section Introduction Transcripts
Section Introduction Transcripts

Course Overview
Hi, everyone. My name is Matthew Tester, and welcome to my course, Securing Application Secrets in ASP.NET Core. I'm a technology consultant and cloud architect at Pure Blue Consulting in New Zealand. Applications rarely run in isolation, connecting securely with other systems using passwords and keys that need to remain secret. Losing control of these secrets can have huge consequences for your business or organization. In this course, we're going to learn how to protect application secrets all the way from development to production. Some of the major topics we will cover include the common anti‑patterns to avoid when dealing with secrets, how to safely work with secrets during development, using a Key Vault for securing secrets in production, and how this can be achieved in both .NET Core and .NET Framework. By the end of this course, you will have a solid understanding of safe development practices for managing secrets when building your own applications. Before beginning the course, you should be familiar with C# and have some familiarity with either ASP.NET or ASP.NET Core. I hope you'll join me on this journey to learn about managing secrets with the Securing Application Secrets in ASP.NET Core course, at Pluralsight.

You're the smartest person in the room

PROVE IT

Your team won't just close the skills gap

THEY'LL HURDLE IT