Store Secret Data in .NET Core Web App with Azure Key Vault

Store secret/sensitive data with Azure Key Vault, Azure App Settings and .NET Core User Secrets in Visual Studio 2015/17

This is an exciting course that will teach you how to secure sensitive data, such as passwords and connection strings in a ASP.NET Core 1.1 Web API.

What you’ll learn

  • You will learn to store sensitive data, such as passwords, in a secure manner. You will use .NET Core User Secrets, Azure Project Settings and Azure Key Vault in combination with Active Directory to achieve this..

Course Content

  • Introduction –> 2 lectures • 4min.
  • Register with Azure –> 2 lectures • 1min.
  • Building the Web API –> 4 lectures • 14min.
  • Securing sensitive data using Azure Key Vault and Azure Active Directrory –> 4 lectures • 6min.
  • Implementing the Key Vault in the Web API –> 4 lectures • 7min.
  • Visual Studio 2017 version –> 14 lectures • 26min.

Store Secret Data in .NET Core Web App with Azure Key Vault

Requirements

  • Have completed at least one MVC 5 beginner course.
  • Have a good understanding of the C# language.

This is an exciting course that will teach you how to secure sensitive data, such as passwords and connection strings in a ASP.NET Core 1.1 Web API.

These are skills that you must master as a serious developer.

*** NEW CONTENT: The same course for ASP.NET Core 1.1 in Visual Studio 2017 has been added ***

In this course you will:

  • Register for an Azure subscription
  • Implement a .NET Core 1.1 Web API
  • Store sensitive data with User Secret Manager (secrets.json), which stays on the developer machine and won’t be propagated to a source code repository like GitHub or TFS when the code is checked in.
  • Implement an Interface called ISecrets, which will be injected into the controller’s constructor via Dependecy Injection. The values from the secrets.json file or the Azure App Settings can then be used from the controller.
  • Add an Azure Key Vault, where secret values are stored, protected by Azure Active Directory security.
  • Add an Azure Active Directory App Registration to secure the Key Vault. The Application Id and the App Registration secret key is used to access the Key Vault
  • Read values from the Key Vault using the Application Id, secret key and the Key Vault’s value endpoints
  • Call the Web API in Azure using the Chrome application Postman and make sure that the secret Key Vault values are returned. Note that the secret values normally wouldn’t be returned through the API, we do it here for educational purposes only.