Now that the #golang #AzureSDK for #KeyVault has released v1.0.0, I have updated to it and released v1 of https://pkg.go.dev/github.com/heaths/azcrypto@v1.0.0 : a cryptography client for Key Vault and #ManagedHSM that now only makes it easier to call crypto operations but tries to first cache the public key and do public key operations locally to improve performance and help mitigate throttling.

We have this in our other languages' SDKs but doesn't fit our design goals for #golang, so I wrote it as a separate module.

My https://github.com/heaths/azcrypto module for easy #Azure #KeyVault and #ManagedHSM crypto operations is now feature-complete and at parity with our other #AzureSDK languages' crypto libraries. It now supports crypto operations locally using a JWK.

Not likely to make it into our official azkeys SDK, but written to our same SDK guidelines.

azkeys will GA soon, and once I upgrade my dependency I plan to GA this module.

I've been working on a "business adjacent" project - as many of mine are - but for something that may one day be part of our #AzureSDK for #golang. Regardless of whether it gets included, I want it to feel like a first-party experience when used with our other client libraries. Given I'm part of the team, I'm coining(?) the phrase, "first-ex parte".

See https://github.com/heaths/azcrypto for a cryptography client for #Azure #KeyVault or #ManagedHSM. It's basically the same as we have in other languages.

Full #RSA and #ECDsa support is now available in https://github.com/heaths/azcrypto for #Azure #KeyVault. I'm consider AES support, but still researching AES in #golang. The APIs I'm familiar with in #csharp are significantly different so it may be a while, and AES is limited to #ManagedHSM anyway.

Since the #AzureSDK for #golang's philosophy is thin, mostly generated clients - which I don't disagree with - I built a #cryptography client atop it much like I helped drive in our other SDK languages and wrote for the #Azure #KeyVault SDK for .NET: https://github.com/heaths/azcrypto

It's very early in development right now - supporting only #ECDsa sign and verify - but is an MVP enough to get some feedback from my team or anyone else who may be interested.

Discovered a nice project could be very beneficial. A test double/fake object for KeyVault to allow easier testing 🧪

Will definitely be trying this out soon!

https://github.com/nagyesta/lowkey-vault

#Azure #Testing #KeyVault

Switching to Key Vault Secrets usage for Function App based Microsoft Sentinel Data Connectors

https://lnkd.in/di_vMPW3

#microsoft #akv #keyvault #sentinel #microsoftsentinel #siem #soar #cloud #cloudsecurity #API #function #functionapp #contenthub #azure #multicloud

TIL: #Azure #LogicApps (used for automations in the #Sentinel #SIEM system) will log all inputs and outputs in plaintext, including if you pull secrets from #KeyVault. To prevent this, go to the settings of the block and set the inputs/outputs to secret (also do this for any block that consumes sensitive information).

Why this isn't the default for a function whose sole purpose is to pull sensitive information from a Vault, I don't know. At least the affected key was easy enough to rotate.

Azure Key Vault nedir? Nasıl kullanılır? https://www.talhaturan.com/azure-key-vault-nedir-nasil-kullanilir/
#azure #bulut #cloud #datafactory #keyvault #secret

Azure Key Vault nedir? Nasıl kullanılır? https://www.talhaturan.com/azure-key-vault-nedir-nasil-kullanilir/
#azure #bulut #cloud #datafactory #keyvault #secret

I am trying to read keyvault secret from Synapse notebook using:

s = TokenLibrary.getSecret(kv, secret_name)

It works when I am running it in debug mode, but fails when it is scheduled. I granted Synapse server managed identity Get and List secret policy. What is different when it is scheduled?

#Azure #Synapse #keyvault

#PowerQuery Idea: Wouldnt be great to be able to use #KeyVault stored secrets directly from PQ to authenticate as Service Principal or to have the direct support of service principals in PQ?

RT @cmendibl3@twitter.com

Twiiterverse, el código y las slides de mi charla en la @netcoreconf@twitter.com la podéis encontrar aquí: https://github.com/cmendible/NetCoreConf/tree/master/2020/Barcelona y el repo de #atarraya es este: https://github.com/cmendible/atarraya #netcoreconf #dotnetcore #keyvault #kubernetes

🐦🔗: https://twitter.com/cmendibl3/status/1219549244903895040